Title: Enabling Visual Analytics via Alert-driven Attack Graphs

Authors: Nadeem, A. (TU Delft Cyber Security); Verwer, S.E. (TU Delft Cyber Security); Moskal, Stephen (Rochester Institute of Technology); Yang, Shanchieh Jay (Rochester Institute of Technology)

Date: 2021

Abstract: Attack graphs (AGs) are a popular area of research; they display all the paths an attacker can exploit to penetrate a network. Existing techniques for AG generation rely heavily on expert input regarding vulnerabilities and network topology. In this work, we advocate the use of AGs that are built directly from the actions observed through intrusion alerts, without prior expert input. We have developed an unsupervised visual analytics system, called SAGE, to learn alert-driven attack graphs. We show how these AGs (i) enable forensic analysis of prior attacks, and (ii) enable proactive defense by providing relevant threat intelligence regarding attacker strategies. We believe that alert-driven AGs can play a key role in AI-enabled cyber threat intelligence, as they open up new avenues for attacker strategy analysis while reducing analyst workload.

Subject: Attack graphs; Intrusion alerts; Finite state automaton

To reference this document use: http://resolver.tudelft.nl/uuid:66025049-d059-4a1a-b971-4474736f40f0

DOI: https://doi.org/10.1145/3460120.3485361

Publisher: Association for Computing Machinery (ACM)

Embargo date: 2022-05-13

ISBN: 978-1-4503-8454-4

Source: CCS 2021 - Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

Event: ACM SIGSAC Conference on Computer and Communications Security, 2021-11-15 → 2021-11-19, Virtual

Series: Proceedings of the ACM Conference on Computer and Communications Security, 1543-7221

Bibliographical note: Green Open Access added to TU Delft Institutional Repository 'You share, we take care!' - Taverne project https://www.openaccess.nl/en/you-share-we-take-care. Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.

Part of collection: Institutional Repository

Document type: conference paper

Rights: © 2021 A. Nadeem, S.E. Verwer, Stephen Moskal, Shanchieh Jay Yang

Files: PDF 3460120.3485361_1_.pdf (2.32 MB)
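The abstract's central idea is that an attack graph can be derived from intrusion alerts alone, with no vulnerability scan or topology model as input. The following is an added illustration of that idea, written for this record; it is not SAGE's code and does not reproduce the paper's method (SAGE learns a finite state automaton over alert sequences, which is not shown here). The alert lines, the signature-to-stage keyword table and the host addresses are all constructed for the example. Each (attacker, victim) pair's alerts are ordered in time, mapped to coarse attack stages, and consecutive stages become weighted edges; the result can then be queried for the distinct strategies that reached a given objective on a given victim.

```python
"""Illustrative alert-driven attack graph (added example, not the paper's SAGE
implementation). Input is a constructed IDS alert log of the form
"<ISO timestamp> <src> <dst> <signature text>"."""
from collections import defaultdict
from datetime import datetime

# Constructed sample alerts: two attackers against one web host, one of them
# also probing a second host. Hosts and signature texts are made up.
SAMPLE_ALERTS = """\
2021-11-15T10:00:01 10.0.0.5 10.0.1.20 SCAN nmap scripting engine user agent
2021-11-15T10:00:07 10.0.0.5 10.0.1.20 SCAN nmap scripting engine user agent
2021-11-15T10:03:42 10.0.0.5 10.0.1.20 WEB possible SQL injection attempt
2021-11-15T10:05:10 10.0.0.5 10.0.1.20 WEB suspicious shell command in HTTP body
2021-11-15T10:07:55 10.0.0.5 10.0.1.20 POLICY possible data exfiltration over HTTP
2021-11-15T11:12:03 10.0.0.9 10.0.1.20 SCAN nmap scripting engine user agent
2021-11-15T11:15:30 10.0.0.9 10.0.1.20 WEB possible SQL injection attempt
2021-11-15T11:20:02 10.0.0.9 10.0.1.20 POLICY possible data exfiltration over HTTP
2021-11-15T12:01:00 10.0.0.5 10.0.1.30 SCAN nmap scripting engine user agent
"""

# Hypothetical keyword -> attack-stage mapping (first match wins). A real
# system would use a richer, learned or curated mapping; this is a stand-in.
STAGE_KEYWORDS = [
    ("scan", "host_discovery"),
    ("sql injection", "web_exploit"),
    ("shell command", "command_execution"),
    ("exfiltration", "data_exfiltration"),
]


def parse_alerts(text):
    """Return a list of (timestamp, src, dst, signature) tuples."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, sig = line.split(" ", 3)
        alerts.append((datetime.fromisoformat(ts), src, dst, sig))
    return alerts


def stage_of(signature):
    """Map a signature string to a coarse attack stage via keyword lookup."""
    lowered = signature.lower()
    for keyword, stage in STAGE_KEYWORDS:
        if keyword in lowered:
            return stage
    return "unknown"


def episodes(alerts):
    """Per (attacker, victim) pair, the time-ordered stage sequence with
    consecutive repeats collapsed (repeated scan alerts become one stage)."""
    by_pair = defaultdict(list)
    for ts, src, dst, sig in sorted(alerts):
        by_pair[(src, dst)].append(stage_of(sig))
    seqs = {}
    for pair, stages in by_pair.items():
        collapsed = []
        for stage in stages:
            if not collapsed or collapsed[-1] != stage:
                collapsed.append(stage)
        seqs[pair] = collapsed
    return seqs


def build_attack_graph(seqs):
    """Directed edges stage_i -> stage_{i+1}, weighted by the number of
    (attacker, victim) episodes that traverse them."""
    edges = defaultdict(int)
    for seq in seqs.values():
        for a, b in zip(seq, seq[1:]):
            edges[(a, b)] += 1
    return dict(edges)


def paths_to(seqs, objective, victim):
    """Distinct stage sequences (strategies) that reached `objective` on
    `victim`, truncated at the first occurrence of the objective."""
    found = set()
    for (src, dst), seq in seqs.items():
        if dst == victim and objective in seq:
            found.add(tuple(seq[: seq.index(objective) + 1]))
    return sorted(found)


if __name__ == "__main__":
    seqs = episodes(parse_alerts(SAMPLE_ALERTS))
    for (a, b), weight in sorted(build_attack_graph(seqs).items()):
        print(f"{a} -> {b}  (x{weight})")
    for path in paths_to(seqs, "data_exfiltration", "10.0.1.20"):
        print(" => ".join(path))
```

Two observations the graph makes visible that the raw alert list does not: both attackers reach exfiltration on 10.0.1.20 through the same SQL-injection edge, and one of them does so without an intermediate command-execution alert, which is either a shorter strategy or a detection gap worth investigating. The probe of 10.0.1.30 produces a one-node episode and contributes no edges, so noise that never progresses past reconnaissance does not clutter the graph.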