Attack prediction to enhance attack path discovery using improved attack graph
Organizations and governments constantly face potential security attacks. However, the need for next-generation cyber defense has become even more urgent in a day and age when attack surfaces that hackers can exploit have grown at an alarming rate with an increase in the number of connected devices...
Saved in:
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: |
University of Kerbala
2022
|
Online Access: | http://eprints.utem.edu.my/id/eprint/26230/2/KARBALA%20JOURNAL.PDF http://eprints.utem.edu.my/id/eprint/26230/ https://kijoms.uokerbala.edu.iq/cgi/viewcontent.cgi?article=3235&context=home |
Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
Summary: | Organizations and governments constantly face potential security attacks. However, the need for next-generation cyber defense has become even more urgent in a day and age when attack surfaces that hackers can exploit have grown at an alarming rate with an increase in the number of connected devices to the Internet. The next-generation cyber defense that relies on predictive analysis is more proactive than existing technologies that rely on intrusion detection. Many approaches with which to detect and predict attacks have been proposed in recent times. One such approach is attack graphs. The primary purpose of an attack graph is to not only predict an attack but its next steps within a network as well. More specifically, an attack graph depicts the paths that an attacker may employ to circumvent network policies by exploiting interdependencies between the vulnerabilities. However, extant attack graphs are plagued with a few issues. Scalability is just one of the main issues that attack graph generation faces. This is because an increase in the number of devices used increases the number of vulnerabilities within a network. This, in turn, increases the complexity as well as the amount of time required to generate an attack graph. At present, existing studies that have used attack graphs to predict the subsequent steps during an attack have manually assigned the attack location for attack graph analysis. In order to overcome this limitation, this present study recommends the use of intelligent agents to reduce reachability time by calculating between the nodes, as well as using the A*prune algorithm to remove useless edges and reduce attack graph complexity. For the attack graph analysis, the random forest algorithm was used to detect, predict, and dynamically ascertain the attack location in the network. The results of the attack graph generation experiment revealed that the A*prune attack graph produced better results than existing attack graphs. |
---|