Investigating the modeling assumptions of alert-driven attack graphs: A cognitive load-based quantification approach of interpretability in attack graphs

The interpretability of an attack graph is a key principle as it reflects the difficulty of a specialist to take insights into attacker strategies. However, the quantification of interpretability is considered to be a subjective manner and complex attack graphs can be challenging to read and interpret. In this research paper, we propose a new...

Investigating the impact of PDFA implementation on alert-driven attack graphs: A comparison between the Suffix-based PDFA and PDFA models

SAGE is a deterministic and unsupervised learning pipeline that can generate attack graphs from intrusion alerts without input knowledge from a security analyst. Using a suffix-based probabilistic deterministic finite automaton (S-PDFA), the system compresses over 1 million alerts into less than 500 attack graphs (AGs), which are concise and...

Analyzing Flow Rule Attacks and Policy Enforcement in Software Defined Networking

Software Defined Networking (SDN) is a new paradigm that allows for greater reliability and more efficient management compared to traditional networks. However, SDN security is a developing field, and research towards fixing significant security vulnerabilities is still ongoing. One major threat to SDN security are attacks that seek to exploit...

Clusus: A cyber range for network attack simulations

This report documents the design and implementation of Clusus, a cyber range to provide students with a safe isolated environment to learn about cyber security and computer networks. This Bachelor project was proposed by the TU Delft cyber security group. During a two week research phase currently existing solutions were evaluated and...