\TUchapter{INTRODUCTION}
\TUsection{Introduction to Attack Graphs}
Cybersecurity has been at the forefront of computing for decades, and vulnerability analysis modeling has been utilized to mitigate threats to aid in this effort. One such modeling approach
is to represent a system or a set of systems through graphical means, and encode information into the nodes and edges of the graph. Even as early as the late 1990s,
experts have composed various graphical models to map devices and vulnerabilities through attack trees, and this work can be seen through the works published by the authors of \cite{phillips_graph-based_1998}.
This work, and other attack tree discussions of this time such as that conducted by the author of \cite{schneier_modeling_1999}, would later be referred to as early versions of modern-day attack graphs
\cite{ou_scalable_2006}. By utilizing this graphical approach, cybersecurity postures can be measured at a system's current status, and other postures can be hypothesized and examined based on system changes
over time.

Attack graphs are an appealing approach since they are often designed to be exhaustive: all system properties are represented at the system's initial state, all attack options are fully enumerated, all permutations are
examined, and all changes to a system are encoded into their own independent states, where these states are then individually analyzed through the process. The authors of \cite{sheyner_automated_2002} also
discuss the advantage of conciseness of attack graphs, where the final graph only incorporates states that an attacker can leverage; no superfluous states are generated that can clutter analysis. Despite their
advantages, attack graphs do suffer from their exhaustiveness. As the authors of \cite{ou_scalable_2006} examine, even very small networks with only 10 hosts and 5 vulnerabilities yield graphs with 10 million
edges. When scaling attack graphs to analyze the modern, interconnected state of large networks comprising a multitude of hosts, and utilizing the entries located in the National Vulnerability Database and any
custom vulnerability testing, this becomes infeasible. Similar difficulties arise in related fields, where social networks, bio-informatics, and neural network representations also result in graphs with millions of
states \cite{zhang_boosting_2017}. Various efforts that will be discussed in Section \ref{sec:related_works} demonstrate methods and techniques that can mitigate these difficulties and improve performance.
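The exhaustive, reachable-only state enumeration described above, and how quickly it grows, shown as an added example that is not code from this work or from the cited papers. It assumes a simplified model in which a state is the set of hosts the attacker controls; the host names, the \texttt{full\_mesh} topology and all function names are hypothetical, and because the state model differs from that of \cite{ou_scalable_2006} its counts are not the cited figures.

```python
from collections import deque

def build_attack_graph(reachable, vulns, start):
    """Exhaustively enumerate attacker states by breadth-first search.

    A state is the frozenset of hosts the attacker controls. Every exploit
    application (src, dst, vuln) is an edge into its own successor state, and
    only states reachable from the initial state are ever generated.
    """
    initial = frozenset([start])
    states, edges, queue = {initial}, [], deque([initial])
    while queue:
        state = queue.popleft()
        for src in state:
            for dst in reachable.get(src, ()):
                if dst in state:
                    continue  # already controlled, nothing new to gain
                nxt = state | {dst}
                for vuln in vulns.get(dst, ()):
                    edges.append((state, (src, dst, vuln), nxt))
                if vulns.get(dst) and nxt not in states:
                    states.add(nxt)
                    queue.append(nxt)
    return states, edges

def full_mesh(n_hosts, n_vulns):
    """Constructed network: foothold 'a' plus n fully connected hosts."""
    hosts = [f"h{i}" for i in range(n_hosts)]
    reachable = {s: [d for d in hosts if d != s] for s in ["a"] + hosts}
    vulns = {h: [f"v{j}" for j in range(n_vulns)] for h in hosts}
    return reachable, vulns

def graph_size(n_hosts, n_vulns):
    """Return (state count, edge count) for the constructed full mesh."""
    states, edges = build_attack_graph(*full_mesh(n_hosts, n_vulns), "a")
    return len(states), len(edges)

if __name__ == "__main__":
    for n in (2, 4, 6, 8, 10):
        print(n, "hosts, 5 vulns each ->", graph_size(n, 5))
    # Constructed segmented network: h2 is vulnerable but unreachable,
    # so no generated state ever contains it.
    seg = {"a": ["h0"], "h0": ["h1"], "h1": []}
    seg_vulns = {h: ["v0"] for h in ("h0", "h1", "h2")}
    states, edges = build_attack_graph(seg, seg_vulns, "a")
    print(len(states), "states generated out of 2**3 possible subsets")
```

In the full mesh every added host doubles the number of states, while the segmented case generates only the states an attacker can actually reach.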
\TUsection{Application to Cybersecurity and Compliance}
\TUsection{Objectives and Contributions}