A Study on the Design and Implementation of System for Predicting Attack Target Based on Attack Graph

  • 고장혁 (Agency for Defense Development);
  • 이동호 (School of Computer Software, Kwangwoon University)
  • Received : 2020.03.02
  • Accepted : 2020.03.13
  • Published : 2020.03.30

Abstract

As the number of systems and the size of networks grow, automated attack prediction systems are urgently needed to respond to cyber attacks. In this study, we developed four types of information-gathering sensors for collecting asset and vulnerability information, and developed technology to automatically generate attack graphs and predict attack targets. To improve performance, attack graph generation is divided into a reachability calculation process and a vulnerability assignment process. The attack graph is kept up to date by restarting the calculation whenever asset or vulnerability information changes. To improve the accuracy of attack target prediction, both the degree of asset risk and the degree of asset reference are reflected. We refer to CVSS (Common Vulnerability Scoring System) for asset risk and to Google's PageRank algorithm for asset reference. The results of attack target prediction are displayed on a web screen and on CyCOP (Cyber Common Operation Picture) to help both analysts and decision makers.
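An added example, not the paper's implementation: it sketches how a CVSS-based risk value and a PageRank-based reference value could be combined to rank assets for defensive prioritization. The host names, scores, reachability edges, the use of one maximum CVSS base score per asset, and the product used to combine the two values are all assumptions; the abstract does not give the paper's formula.

```python
# Constructed sample data: host names, edges and scores are illustrative only.
# REACH[src] lists the hosts src can open a connection to (reachability step).
REACH = {
    "web": ["app"],
    "app": ["db", "file"],
    "ws1": ["web", "file"],
    "ws2": ["web", "file"],
    "db": [],
    "file": [],
}
# Highest CVSS base score found on each host (vulnerability assignment step).
MAX_CVSS = {"web": 7.5, "app": 8.8, "db": 9.8, "file": 5.3, "ws1": 6.1, "ws2": 0.0}


def pagerank(graph, damping=0.85, iters=100):
    """Plain power-iteration PageRank; dangling mass is spread uniformly."""
    nodes = list(graph)
    n = len(nodes)
    rank = {v: 1.0 / n for v in nodes}
    for _ in range(iters):
        dangling = sum(rank[v] for v in nodes if not graph[v])
        new = {v: (1 - damping) / n + damping * dangling / n for v in nodes}
        for u in nodes:
            for v in graph[u]:
                new[v] += damping * rank[u] / len(graph[u])
        rank = new
    return rank


def predict_targets(graph, cvss):
    """Rank assets by (normalized CVSS) x (normalized PageRank).

    The product is an assumed combination rule chosen for this sketch.
    """
    rank = pagerank(graph)
    top = max(rank.values())
    scores = {h: (cvss[h] / 10.0) * (rank[h] / top) for h in graph}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for host, score in predict_targets(REACH, MAX_CVSS):
        print(f"{host:5s} {score:.3f}")
```

In this constructed network the top-ranked asset is neither the one with the highest CVSS score nor the one with the highest PageRank, which is the effect of reflecting both values.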
