Implement Edge pruning to Enhance attack graph generation using Naïve approach algorithm

Öz

The use of network technologies has increased in recent years. Although the network is beneficial for individuals to work and live in, it does have security challenges that should be rectified. One of these issues is cyberattacks. The attack surface for hackers is growing as more devices are linked to the internet. The next-generation cyber defense concentrating on predictive analysis seems more proactive than existing technologies based on intrusion detection. Recently, many approaches have been proposed to detect and predict attacks; one of these approaches is attack graphs. The main reason for designing the attack graph is to predict the attack as well as to predict the attack's next step in the network. The attack graph depicts the many paths an attacker may attempt to get around a security policy by leveraging interdependencies between disclosed vulnerabilities. The attack graph is categorized into three sections: generation, analysis, and use of attack graph. However, current attack graphs are suffering from a few issues. Scalability is the main issue the attack graph generation is facing. The reason for this issue is that the increase in the usage of devices connected to the network leads to increased vulnerabilities in the network, which leads to an increment in the complexity as well as generation time of the attack graph. For this issue, this study proposes use the naïve approach prune algorithm and using Personal agents to reduce the reachability time in calculating between the nodes and to remove unnecessary edges, minimizing the attack graph's complexity. For the results, the proposed attack graph performs better than the existing attack graph by using a naïve approach and a personal agent. The proposed attack graph reduced the generation time by 20% and the attack graph complexity.

Anahtar Kelimeler

• Attack Graph
• Fog computing
• Cloud computing
• Edge Computing
• Edge Pruning

Kaynakça

1. [1] J. Jang-Jaccard and S. Nepal, ‘‘A survey of emerging threats in cybersecurity,’’ Journal of computer and system sciences, vol. 80, no. 5, pp. 973–993, 2014.
2. [2] E. Bertino, L. Martino, F. Paci, A. Squicciarini, E. Bertino, L. D. Martino, F. Paci, and A. C. Squicciarini, ‘‘Web services threats, vulnerabilities, and countermeasures,’’ Security for web services and service-oriented architectures, pp. 25–44, 2010.
3. [3] J. M. Kizza, W. Kizza, and Wheeler, Guide to computer network security, vol. 8. Springer, 2013.
4. [4] M. Abomhara and G. M. Køien, ‘‘Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks,’’ Journal of Cyber Security and Mobility, pp. 65–88, 2015.
5. [5] A. O’driscoll, ‘‘Cyber security vulnerability statistics and facts of 2022,’’ Comparitech, 2021.
6. [6] Y. Yang, L. Wu, G. Yin, L. Li, and H. Zhao, ‘‘A survey on security and privacy issues in internet-of-things,’’ IEEE Internet of things Journal, vol. 4, no. 5, pp. 1250–1258, 2017.
7. [7] J. Wang, ‘‘A generation method of attack graph based on evolutionary computation,’’ in 2016 2nd International Conference on Advances in Energy, Environment and Chemical Engineering (AEECE 2016), pp. 28–31, Atlantis Press, 2016.
8. [8] M. U. Aksu, K. Bicakci, M. H. Dilek, A. M. Ozbayoglu, and E. ı. Tatli, ‘‘Automated generation of attack graphs using nvd,’’ in Proceedings of the Eighth ACM Conference on Data and Application Security and Privacy, pp. 135–142, 2018.

9. [9] M. Ibrahim and A. Alsheikh, ‘‘Automatic hybrid attack graph (ahag) generation for complex engineering systems,’’ Processes, vol. 7, no. 11, p. 787, 2019.
10. [10] Y. Feng, G. Sun, Z. Liu, C.Wu, X. Zhu, Z.Wang, and B.Wang, ‘‘Attack graph generation and visualization for industrial control network,’’ in 2020 39th Chinese Control Conference (CCC), pp. 7655–7660, IEEE, 2020.
11. [11] K. Kaynar, ‘‘A taxonomy for attack graph generation and usage in network security,’’ Journal of Information Security and Applications, vol. 29, pp. 27–56, 2016.
12. [12] M. Husák, J. Komárková, E. Bou-Harb, and P. Čeleda, ‘‘Survey of attack projection, prediction, and forecasting in cyber security,’’ IEEE Communications Surveys & Tutorials, vol. 21, no. 1, pp. 640–660, 2018.
13. [13] Z. J. Al-Araji, S. S. S. Ahmed, R. S. Abdullah, A. A. Mutlag, H. A. A. Raheem, and S. R. H. Basri, ‘‘Attack graph reachability: concept, analysis, challenges and issues,’’ Network Security, vol. 2021, no. 6, pp. 13–19, 2021.
14. [14] Z. J. Al-Araji, S. Sakinah Syed Ahmad, H. M. Farhood, A. Awad Mutlag, and M. S. Al-Khaldee, ‘‘Attack graph-based security metrics: Concept, taxonomy, challenges and open issues,’’ in BIO Web of Conferences, vol. 97, p. 00085, EDP Sciences, 2024.
15. [15] K. Kaynar and F. Sivrikaya, ‘‘Distributed attack graph generation,’’ IEEE Transactions on Dependable and Secure Computing, vol. 13, no. 5, pp. 519–532, 2015.
16. [16] Z. Yichao, Z. Tianyang, G. Xiaoyue, and W. Qingxian, ‘‘An improved attack path discovery algorithm through compact graph planning,’’ IEEE Access, vol. 7, pp. 59346–59356, 2019.
17. [17] Z. J. Al-Araji, S. S. S. Ahmad, and R. S. Abdullah, ‘‘Propose vulnerability metrics to measure network secure using attack graph,’’ International Journal of Advanced Computer Science and Applications, vol. 12, no. 5, 2021.
18. [18] Z. Al-Araji, S. S. Syed Ahmad, R. S. Abdullah, et al., ‘‘Attack prediction to enhance attack path discovery using improved attack graph,’’ Karbala International Journal of Modern Science, vol. 8, no. 3, pp. 313–329, 2022.
19. [19] M. Moulin, E. Eyisi, D. M. Shila, and Q. Zhang, ‘‘Automatic construction of attack graphs in cyber physical systems using temporal logic,’’ in MILCOM 2018-2018 IEEE Military Communications Conference (MILCOM), pp. 933–938, IEEE, 2018.
20. [20] Y. Chen, Z. Liu, Y. Liu, and C. Dong, ‘‘Distributed attack modeling approach based on process mining and graph segmentation,’’ Entropy, vol. 22, no. 9, p. 1026, 2020.
21. [21] H. Li, Y. Wang, and Y. Cao, ‘‘Searching forward complete attack graph generation algorithm based on hypergraph partitioning,’’ Procedia Computer Science, vol. 107, pp. 27–38, 2017.
22. [22] Y. Chen, K. Lv, and C. Hu, ‘‘Optimal attack path generation based on supervised kohonen neural network,’’ in Network and System Security: 11th International Conference, NSS 2017, Helsinki, Finland, August 21–23, 2017, Proceedings 11, pp. 399–412, Springer, 2017.
23. [23] B.Yuan, Z. Pan, F. Shi, and Z. Li, ‘‘An attack path generation methods based on graph database,’’ in 2020 IEEE 4th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC), vol. 1, pp. 1905–1910, IEEE, 2020.
24. [24] P. Sun, H. Zhang, and C. Li, ‘‘Attack path prediction based on bayesian game model,’’ in Journal of Physics: Conference Series, vol. 1955, p. 012098, IOP Publishing, 2021.
25. [25] A. Sabur, A. Chowdhary, D. Huang, and A. Alshamrani, ‘‘Toward scalable graph-based security analysis for cloud networks,’’ Computer Networks, vol. 206, p. 108795, 2022.
26. [26] G. Frances and H. Geffner, ‘‘Modeling and computation in planning: Better heuristics from more expressive languages,’’ in Proceedings of the International Conference on Automated Planning and Scheduling, vol. 25, pp. 70–78, 2015.
27. [27] G. Chartrand and P. Zhang, A first course in graph theory. Courier Corporation, 2013.
28. [28] S. Jha, O. Sheyner, and J. Wing, ‘‘Two formal analyses of attack graphs,’’ in Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15, pp. 49–63, IEEE, 2002.
29. [29] F. Zhou, S. Malher, and H. Toivonen, ‘‘Network simplification with minimal loss of connectivity,’’ in 2010 IEEE international conference on data mining, pp. 659–668, IEEE, 2010.
30. [30] M. Li, P. Hawrylak, and J. Hale, ‘‘Concurrency strategies for attack graph generation,’’ in 2019 2nd International Conference on Data Intelligence and Security (ICDIS), pp. 174–179, IEEE, 2019.