Enabling Visual Analytics via Alert-driven Attack Graphs

Conference paper (2021)

Authors

A. Nadeem

S.E. Verwer

Stephen Moskal Rochester Institute of Technology

Shanchieh Jay Yang Rochester Institute of Technology

DOI: https://doi.org/10.1145/3460120.3485361

Attack graphs Intrusion alerts Intrusion alerts Attack graphs Finite state automaton Finite state automaton

To reference this document use:

http://resolver.tudelft.nl/uuid:66025049-d059-4a1a-b971-4474736f40f0

More Info

expand_more

Published Date

2021

Language

English

Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Attack graphs (AG) are a popular area of research that display all the paths an attacker can exploit to penetrate a network. Existing techniques for AG generation rely heavily on expert input regarding vulnerabilities and network topology. In this work, we advocate the use of AGs that are built directly using the actions observed through intrusion alerts, without prior expert input. We have developed an unsupervised visual analytics system, called SAGE, to learn alert-driven attack graphs. We show how these AGs (i) enable forensic analysis of prior attacks, and (ii) enable proactive defense by providing relevant threat intelligence regarding attacker strategies. We believe that alert-driven AGs can play a key role in AI-enabled cyber threat intelligence as they open up new avenues for attacker strategy analysis whilst reducing analyst workload.

Files

Poster_abstract_ccs_updated.pd... (pdf)

(pdf | 1.88 Mb)

Unknown license

Download not available

3460120.3485361_1_.pdf

(pdf | 2.32 Mb)

- Embargo expired in 13-05-2022

Unknown license