noah/Network-Theory_Compliance-Graph-Analysis
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Katz, K-path edge, Page Rank, Transitive Closure, beginning of Dominant Tree

Browse Source
This commit is contained in:
Noah L. Schrick 2022-05-02 21:46:16 -05:00
parent 9eacf9eb20
commit 24092ba28d
10 changed files with 370 additions and 134 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
Report/Bibliography.bib
View File

@ -1357,3 +1357,81 @@ of 27},
year={2017},
pages={5001-5006}
}
@book{newman2010networks,
title={Networks: An Introduction},
author={Newman, M.E.J.},
isbn={9780191594175},
url={https://books.google.com/books?id=sgSlvgEACAAJ},
year={2010},
publisher={Oxford University Press}
}
@article{K_Path_Edge,
doi = {10.1016/j.knosys.2012.01.007},
url = {https://doi.org/10.1016%2Fj.knosys.2012.01.007},
year = 2012,
month = {jun},
publisher = {Elsevier {BV}},
volume = {30},
pages = {136--150},
author = {Pasquale De Meo and Emilio Ferrara and Giacomo Fiumara and Angela Ricciardello},
title = {A novel measure of edge centrality in social networks},
journal = {Knowledge-Based Systems}
}
@article{Adapted_PageRank,
title={An algorithm for ranking the nodes of an urban network based on the concept of PageRank vector},
author={Taras Agryzkov and Jos{\'e} Luis Oliver and Leandro Tortosa and Jos{\'e}-Francisco Vicent},
journal={Appl. Math. Comput.},
year={2012},
volume={219},
pages={2186-2193}
}
@article{PageRank,
title = {The anatomy of a large-scale hypertextual Web search engine},
journal = {Computer Networks and ISDN Systems},
volume = {30},
number = {1},
pages = {107-117},
year = {1998},
note = {Proceedings of the Seventh International World Wide Web Conference},
issn = {0169-7552},
doi = {https://doi.org/10.1016/S0169-7552(98)00110-X},
url = {https://www.sciencedirect.com/science/article/pii/S016975529800110X},
author = {Sergey Brin and Lawrence Page},
keywords = {World Wide Web, Search engines, Information retrieval, PageRank, Google},
abstract = {In this paper, we present Google, a prototype of a large-scale search engine which makes heavy use of the structure present in hypertext. Google is designed to crawl and index the Web efficiently and produce much more satisfying search results than existing systems. The prototype with a full text and hyperlink database of at least 24 million pages is available at http://google.stanford.edu/ To engineer a search engine is a challenging task. Search engines index tens to hundreds of millions of Web pages involving a comparable number of distinct terms. They answer tens of millions of queries every day. Despite the importance of large-scale search engines on the Web, very little academic research has been done on them. Furthermore, due to rapid advance in technology and Web proliferation, creating a Web search engine today is very different from three years ago. This paper provides an in-depth description of our large-scale Web search engine — the first such detailed public description we know of to date. Apart from the problems of scaling traditional search techniques to data of this magnitude, there are new technical challenges involved with using the additional information present in hypertext to produce better search results. This paper addresses this question of how to build a practical large-scale system which can exploit the additional information present in hypertext. Also we look at the problem of how to effectively deal with uncontrolled hypertext collections where anyone can publish anything they want.}
}
@article{PageRank_Survey,
author = { Pavel Berkhin },
title = {A Survey on PageRank Computing},
journal = {Internet Mathematics},
volume = {2},
number = {1},
pages = {73-120},
year = {2005},
publisher = {Taylor & Francis},
doi = {10.1080/15427951.2005.10129098},
URL = {https://doi.org/10.1080/15427951.2005.10129098},
eprint = {https://doi.org/10.1080/15427951.2005.10129098}
}
@inproceedings{dominance,
author = {Prosser, Reese T.},
title = {Applications of Boolean Matrices to the Analysis of Flow Diagrams},
year = {1959},
isbn = {9781450378680},
publisher = {Association for Computing Machinery},
address = {New York, NY, USA},
url = {https://doi.org/10.1145/1460299.1460314},
doi = {10.1145/1460299.1460314},
abstract = {Any serious attempt at automatic programming of large-scale digital computing machines must provide for some sort of analysis of program structure. Questions concerning order of operations, location and disposition of transfers, identification of subroutines, internal consistency, redundancy and equivalence, all involve a knowledge of the structure of the program under study, and must be handled effectively by any automatic programming system.},
booktitle = {Papers Presented at the December 1-3, 1959, Eastern Joint IRE-AIEE-ACM Computer Conference},
pages = {133138},
numpages = {6},
location = {Boston, Massachusetts},
series = {IRE-AIEE-ACM '59 (Eastern)}
}

65
Report/Schrick-Noah_CS-7863_Final-Report.aux
View File

@ -1,15 +1,16 @@
\relax
\providecommand\babel@aux[2]{}
\@nameuse{bbl@beforestart}
\babel@aux{nil}{}
\citation{phillips_graph-based_1998}
\citation{schneier_modeling_1999}
\babel@aux{nil}{}
\citation{j_hale_compliance_nodate}
\citation{baloyi_guidelines_2019}
\citation{allman_complying_2006}
\@writefile{toc}{\contentsline {section}{\numberline {1}Introduction}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {1.1}Attack Graphs}{2}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {1.2}Compliance Graphs}{2}{}\protected@file@percent }
\citation{newman2010networks}
\citation{Mieghem2018DirectedGA}
\citation{Mieghem2018DirectedGA}
\citation{ming_diss}
@ -25,38 +26,60 @@
\providecommand*\caption@xref[2]{\@setref\relax\@undefined{#1}}
\newlabel{table:networks}{{1}{4}}
\@writefile{toc}{\contentsline {section}{\numberline {3}Experimental Networks}{4}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {4}Centralities}{4}{}\protected@file@percent }
\newlabel{sec:networks}{{3}{4}}
\@writefile{toc}{\contentsline {section}{\numberline {4}Centralities and their Applications to Compliance Graphs}{4}{}\protected@file@percent }
\newlabel{sec:centralities}{{4}{4}}
\@writefile{toc}{\contentsline {subsection}{\numberline {4.1}Introduction}{4}{}\protected@file@percent }
\citation{Katz}
\@writefile{toc}{\contentsline {subsection}{\numberline {4.2}Degree}{5}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.3}Betweenness}{5}{}\protected@file@percent }
\newlabel{sec:between}{{4.3}{5}}
\newlabel{eq:between}{{1}{5}}
\citation{K_Path_Edge}
\@writefile{toc}{\contentsline {subsection}{\numberline {4.4}Katz}{6}{}\protected@file@percent }
\newlabel{eq:Katz}{{2}{6}}
\newlabel{eq:mod_katz}{{3}{6}}
\@writefile{toc}{\contentsline {subsection}{\numberline {4.5}K-Path Edge}{6}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {4.6}Adapted Page Rank}{6}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {5}Transitive Closure}{6}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {5.1}Introduction}{6}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {5.2}Application}{6}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {6}Dominant Tree}{6}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {6.1}Introduction}{6}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {6.2}Application}{6}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {7}Results and Result Analysis}{6}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {8}Conclusions and Future Work}{6}{}\protected@file@percent }
\citation{PageRank}
\citation{Adapted_PageRank}
\newlabel{eq:kpe}{{4}{7}}
\@writefile{toc}{\contentsline {subsection}{\numberline {4.6}Adapted Page Rank}{7}{}\protected@file@percent }
\newlabel{eq:PR}{{5}{7}}
\newlabel{eq:APC}{{6}{7}}
\citation{li_combining_2019}
\citation{zeng_cyber_2017}
\citation{dominance}
\@writefile{toc}{\contentsline {section}{\numberline {5}Transitive Closure}{8}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {5.1}Introduction and Application}{8}{}\protected@file@percent }
\@writefile{lof}{\contentsline {figure}{\numberline {1}{\ignorespaces Example of Transitive Closure\relax }}{9}{}\protected@file@percent }
\newlabel{fig:TC}{{1}{9}}
\@writefile{toc}{\contentsline {section}{\numberline {6}Dominant Tree}{9}{}\protected@file@percent }
\@writefile{toc}{\contentsline {subsection}{\numberline {6.1}Introduction and Application}{9}{}\protected@file@percent }
\@writefile{toc}{\contentsline {section}{\numberline {7}Results and Result Analysis}{9}{}\protected@file@percent }
\newlabel{sec:results}{{7}{9}}
\@writefile{toc}{\contentsline {section}{\numberline {8}Conclusions and Future Work}{9}{}\protected@file@percent }
\@writefile{lof}{\contentsline {figure}{\numberline {2}{\ignorespaces Example Network for Illustrating Dominance\relax }}{10}{}\protected@file@percent }
\newlabel{fig:TC}{{2}{10}}
\bibdata{Bibliography}
\bibcite{phillips_graph-based_1998}{1}
\bibcite{schneier_modeling_1999}{2}
\bibcite{j_hale_compliance_nodate}{3}
\bibcite{baloyi_guidelines_2019}{4}
\bibcite{allman_complying_2006}{5}
\bibcite{Mieghem2018DirectedGA}{6}
\bibcite{ming_diss}{7}
\bibcite{Guo2017HermitianAM}{8}
\bibcite{Brualdi2010SpectraOD}{9}
\bibcite{noauthor_health_1996}{10}
\bibcite{PCI}{11}
\bibcite{PMID:30064421}{12}
\bibcite{Katz}{13}
\bibcite{newman2010networks}{6}
\bibcite{Mieghem2018DirectedGA}{7}
\bibcite{ming_diss}{8}
\bibcite{Guo2017HermitianAM}{9}
\bibcite{Brualdi2010SpectraOD}{10}
\bibcite{noauthor_health_1996}{11}
\bibcite{PCI}{12}
\bibcite{PMID:30064421}{13}
\bibcite{Katz}{14}
\bibcite{K_Path_Edge}{15}
\@writefile{toc}{\contentsline {section}{Bibliography}{11}{}\protected@file@percent }
\bibcite{PageRank}{16}
\bibcite{Adapted_PageRank}{17}
\bibcite{li_combining_2019}{18}
\bibcite{zeng_cyber_2017}{19}
\bibstyle{ieeetr}
\@writefile{toc}{\contentsline {section}{Bibliography}{7}{}\protected@file@percent }
\gdef \@abspage@last{7}
\gdef \@abspage@last{12}

29
Report/Schrick-Noah_CS-7863_Final-Report.bbl
View File

@ -26,6 +26,10 @@ N.~Baloyi and P.~Kotzé, ``Guidelines for {Data} {Privacy} {Compliance}: {A}
E.~Allman, ``Complying with {Compliance}: {Blowing} it off is not an option.,''
{\em ACM Queue}, vol.~4, no.~7, 2006.
\bibitem{newman2010networks}
M.~Newman, {\em Networks: An Introduction}.
\newblock Oxford University Press, 2010.
\bibitem{Mieghem2018DirectedGA}
P.~V. Mieghem, ``Directed graphs and mysterious complex eigenvalues,'' 2018.
@ -62,4 +66,29 @@ M.~Ashtiani, A.~Salehzadeh-Yazdi, Z.~Razaghi-Moghadam, H.~Hennig,
L.~Katz, ``{A new status index derived from sociometric analysis},'' {\em
Psychometrika}, vol.~18, pp.~39--43, March 1953.
\bibitem{K_Path_Edge}
P.~D. Meo, E.~Ferrara, G.~Fiumara, and A.~Ricciardello, ``A novel measure of
edge centrality in social networks,'' {\em Knowledge-Based Systems}, vol.~30,
pp.~136--150, jun 2012.
\bibitem{PageRank}
S.~Brin and L.~Page, ``The anatomy of a large-scale hypertextual web search
engine,'' {\em Computer Networks and ISDN Systems}, vol.~30, no.~1,
pp.~107--117, 1998.
\newblock Proceedings of the Seventh International World Wide Web Conference.
\bibitem{Adapted_PageRank}
T.~Agryzkov, J.~L. Oliver, L.~Tortosa, and J.-F. Vicent, ``An algorithm for
ranking the nodes of an urban network based on the concept of pagerank
vector,'' {\em Appl. Math. Comput.}, vol.~219, pp.~2186--2193, 2012.
\bibitem{li_combining_2019}
M.~Li, P.~Hawrylak, and J.~Hale, ``Combining {OpenCL} and {MPI} to support
heterogeneous computing on a cluster,'' {\em ACM International Conference
Proceeding Series}, 2019.
\bibitem{zeng_cyber_2017}
K.~Zeng, ``Cyber {Attack} {Analysis} {Based} on {Markov} {Process} {Model},''
2017.
\end{thebibliography}

61
Report/Schrick-Noah_CS-7863_Final-Report.blg
View File

@ -4,45 +4,46 @@ The top-level auxiliary file: Schrick-Noah_CS-7863_Final-Report.aux
The style file: ieeetr.bst
Database file #1: Bibliography.bib
Warning--empty booktitle in Mieghem2018DirectedGA
You've used 13 entries,
Warning--empty journal in zeng_cyber_2017
You've used 19 entries,
1876 wiz_defined-function locations,
558 strings with 5746 characters,
and the built_in function-call counts, 2480 in all, are:
= -- 239
> -- 87
592 strings with 6758 characters,
and the built_in function-call counts, 3982 in all, are:
= -- 389
> -- 142
< -- 0
+ -- 36
- -- 23
* -- 156
:= -- 372
add.period$ -- 17
call.type$ -- 13
change.case$ -- 12
+ -- 57
- -- 38
* -- 257
:= -- 584
add.period$ -- 25
call.type$ -- 19
change.case$ -- 17
chr.to.int$ -- 0
cite$ -- 14
duplicate$ -- 131
empty$ -- 266
format.name$ -- 23
if$ -- 607
cite$ -- 21
duplicate$ -- 210
empty$ -- 411
format.name$ -- 38
if$ -- 978
int.to.chr$ -- 0
int.to.str$ -- 13
missing$ -- 9
newline$ -- 48
num.names$ -- 12
pop$ -- 55
int.to.str$ -- 19
missing$ -- 16
newline$ -- 68
num.names$ -- 18
pop$ -- 74
preamble$ -- 1
purify$ -- 0
quote$ -- 0
skip$ -- 67
skip$ -- 117
stack$ -- 0
substring$ -- 84
swap$ -- 35
substring$ -- 180
swap$ -- 66
text.length$ -- 0
text.prefix$ -- 0
top$ -- 0
type$ -- 0
warning$ -- 1
while$ -- 20
width$ -- 15
write$ -- 124
(There was 1 warning)
warning$ -- 2
while$ -- 33
width$ -- 21
write$ -- 181
(There were 2 warnings)

176
Report/Schrick-Noah_CS-7863_Final-Report.log
View File

@ -1,4 +1,4 @@
This is pdfTeX, Version 3.141592653-2.6-1.40.24 (TeX Live 2022/Arch Linux) (preloaded format=pdflatex 2022.4.29) 2 MAY 2022 19:02
This is pdfTeX, Version 3.141592653-2.6-1.40.24 (TeX Live 2022/Arch Linux) (preloaded format=pdflatex 2022.4.29) 2 MAY 2022 21:45
entering extended mode
restricted \write18 enabled.
%&-line parsing enabled.
@ -139,6 +139,9 @@ Package babel Info: You haven't specified a language. I'll use 'nil'
Language: nil 2022/02/26 3.73 Nil language
\l@nil=\language88
))
(/usr/share/texmf-dist/tex/latex/doublestroke/dsfont.sty
Package: dsfont 1995/08/01 v0.1 Double stroke roman fonts
)
(/usr/share/texmf-dist/tex/latex/base/inputenc.sty
Package: inputenc 2021/02/14 v1.3d Input encoding file
\inpenc@prehook=\toks20
@ -189,25 +192,28 @@ File: l3backend-pdftex.def 2022-04-14 L3 backend support: PDF output (pdfTeX)
\l__color_backend_stack_int=\count276
\l__pdf_internal_box=\box53
)
(./Schrick-Noah_CS-7863_Final-Report.aux)
(./Schrick-Noah_CS-7863_Final-Report.aux
LaTeX Warning: Label `fig:TC' multiply defined.
)
\openout1 = `Schrick-Noah_CS-7863_Final-Report.aux'.
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 26.
LaTeX Font Info: ... okay on input line 26.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 26.
LaTeX Font Info: ... okay on input line 26.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 26.
LaTeX Font Info: ... okay on input line 26.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 26.
LaTeX Font Info: ... okay on input line 26.
LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 26.
LaTeX Font Info: ... okay on input line 26.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 26.
LaTeX Font Info: ... okay on input line 26.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 26.
LaTeX Font Info: ... okay on input line 26.
(/usr/share/texmf-dist/tex/context/base/mkii/supp-pdf.mkii
LaTeX Font Info: Checking defaults for OML/cmm/m/it on input line 27.
LaTeX Font Info: ... okay on input line 27.
LaTeX Font Info: Checking defaults for OMS/cmsy/m/n on input line 27.
LaTeX Font Info: ... okay on input line 27.
LaTeX Font Info: Checking defaults for OT1/cmr/m/n on input line 27.
LaTeX Font Info: ... okay on input line 27.
LaTeX Font Info: Checking defaults for T1/cmr/m/n on input line 27.
LaTeX Font Info: ... okay on input line 27.
LaTeX Font Info: Checking defaults for TS1/cmr/m/n on input line 27.
LaTeX Font Info: ... okay on input line 27.
LaTeX Font Info: Checking defaults for OMX/cmex/m/n on input line 27.
LaTeX Font Info: ... okay on input line 27.
LaTeX Font Info: Checking defaults for U/cmr/m/n on input line 27.
LaTeX Font Info: ... okay on input line 27.
(/usr/share/texmf-dist/tex/context/base/mkii/supp-pdf.mkii
[Loading MPS to PDF converter (version 2006.09.02).]
\scratchcounter=\count277
\scratchdimen=\dimen150
@ -263,11 +269,11 @@ Package caption Info: Begin \AtBeginDocument code.
Package caption Info: float package is loaded.
Package caption Info: End \AtBeginDocument code.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <12> on input line 28.
(Font) <12> on input line 29.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <8> on input line 28.
(Font) <8> on input line 29.
LaTeX Font Info: External font `cmex10' loaded for size
(Font) <6> on input line 28.
(Font) <6> on input line 29.
(./Schrick-Noah_CS-7863_Final-Report.toc
LaTeX Font Info: External font `cmex10' loaded for size
@ -278,46 +284,46 @@ LaTeX Font Info: External font `cmex10' loaded for size
\tf@toc=\write3
\openout3 = `Schrick-Noah_CS-7863_Final-Report.toc'.
[1
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}]
Overfull \hbox (21.08397pt too wide) in paragraph at lines 33--34
Overfull \hbox (21.08397pt too wide) in paragraph at lines 34--35
[]\OT1/cmr/m/n/10 To address the rising risks of computing and threats to cyber
security, vulnerability
[]
[1
Overfull \hbox (3.02843pt too wide) in paragraph at lines 35--36
{/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map}]
Overfull \hbox (3.02843pt too wide) in paragraph at lines 36--37
[]\OT1/cmr/m/n/10 Attack graphs begin with a root node that contains all the cu
rrent information
[]
Overfull \hbox (2.19508pt too wide) in paragraph at lines 38--39
Overfull \hbox (2.19508pt too wide) in paragraph at lines 39--40
[]\OT1/cmr/m/n/10 Compliance graphs are an alternate form of attack graphs, uti
lized specifically
[]
Overfull \hbox (0.79698pt too wide) in paragraph at lines 38--39
Overfull \hbox (0.79698pt too wide) in paragraph at lines 39--40
\OT1/cmr/m/n/10 for examining compliance and regulation statuses of systems. Li
ke attack graphs,
[]
Overfull \hbox (10.93585pt too wide) in paragraph at lines 40--41
Overfull \hbox (10.93585pt too wide) in paragraph at lines 41--42
\OT1/cmr/m/n/10 to also examine administrative policies and properties of syste
ms. Since compliance
[]
Overfull \hbox (2.69524pt too wide) in paragraph at lines 40--41
Overfull \hbox (2.69524pt too wide) in paragraph at lines 41--42
\OT1/cmr/m/n/10 and regulation is broad and can vary by industry and applicatio
n, the information
[]
[2]
Overfull \hbox (10.74141pt too wide) in paragraph at lines 49--50
Overfull \hbox (10.74141pt too wide) in paragraph at lines 50--51
\OT1/cmr/m/n/10 cooperation to training and administrative policies. This netwo
rk is also progressed
[]
@ -325,77 +331,125 @@ rk is also progressed
[3]
LaTeX Warning: No positions in optional float specifier.
Default added (so using `tbp') on input line 51.
Default added (so using `tbp') on input line 52.
Overfull \hbox (14.1025pt too wide) in paragraph at lines 66--67
Overfull \hbox (24.76286pt too wide) in paragraph at lines 65--65
[]\OT1/cmr/bx/n/14.4 Centralities and their Applications to Compliance
[]
Overfull \hbox (14.1025pt too wide) in paragraph at lines 67--68
\OT1/cmr/m/n/10 opportunities for compliance violation. This work discusses fiv
e centrality measures,
[]
[4] [5] [6] (./Schrick-Noah_CS-7863_Final-Report.bbl
[4] [5] [6]
LaTeX Font Info: Trying to load font information for U+dsrom on input line 1
17.
(/usr/share/texmf-dist/tex/latex/doublestroke/Udsrom.fd
File: Udsrom.fd 1995/08/01 v0.1 Double stroke roman font definitions
) [7]
<./images/Transitive-closure.png, id=38, 1927.2pt x 1027.84pt>
File: ./images/Transitive-closure.png Graphic file (type png)
<use ./images/Transitive-closure.png>
Package pdftex.def Info: ./images/Transitive-closure.png used on input line 13
2.
(pdftex.def) Requested size: 345.0pt x 183.99947pt.
LaTeX Warning: Citation `dominance' on page 8 undefined on input line 141.
LaTeX Warning: Reference `fig:pre-DTree' on page 8 undefined on input line 141.
Overfull \hbox (71.59012pt too wide) in paragraph at lines 141--141
[][]\OT1/cmr/m/n/8 Image origin can be located at: https://commons.wikimedia.or
g/wiki/File:Dominator$[]$control$[]$flow$[]$graph.svg,
[]
[8]
<./images/pre-Dtree.png, id=45, 673.51625pt x 770.88pt>
File: ./images/pre-Dtree.png Graphic file (type png)
<use ./images/pre-Dtree.png>
Package pdftex.def Info: ./images/pre-Dtree.png used on input line 144.
(pdftex.def) Requested size: 345.0pt x 394.87271pt.
[9 <./images/Transitive-closure.png>] [10 <./images/pre-Dtree.png>]
(./Schrick-Noah_CS-7863_Final-Report.bbl
Underfull \hbox (badness 1237) in paragraph at lines 4--8
[]\OT1/cmr/m/n/10 C. Phillips and L. P. Swiler, ``A graph-based system for netw
ork-
[]
Underfull \hbox (badness 10000) in paragraph at lines 45--48
Underfull \hbox (badness 10000) in paragraph at lines 49--52
[]\OT1/cmr/m/n/10 ``Health Insurance Portability and Accountability Act of
[]
Underfull \hbox (badness 10000) in paragraph at lines 45--48
Underfull \hbox (badness 10000) in paragraph at lines 49--52
\OT1/cmr/m/n/10 1996.'' Pub. L. No. 104-191. 1996 [Online]. Available:
[]
Underfull \hbox (badness 10000) in paragraph at lines 45--48
Underfull \hbox (badness 10000) in paragraph at lines 49--52
\OT1/cmr/m/n/10 https://www.govinfo.gov/content/pkg/PLAW-104publ191/html/PLAW-
[]
Underfull \hbox (badness 10000) in paragraph at lines 50--54
Underfull \hbox (badness 10000) in paragraph at lines 54--58
[]\OT1/cmr/m/n/10 P. S. S. Council, ``Payment Card Industry (PCI)
[]
Underfull \hbox (badness 10000) in paragraph at lines 50--54
Underfull \hbox (badness 10000) in paragraph at lines 54--58
\OT1/cmr/m/n/10 Data Security Standard,'' May 2018. Available:
[]
Underfull \hbox (badness 1571) in paragraph at lines 62--64
Underfull \hbox (badness 1571) in paragraph at lines 66--68
[]\OT1/cmr/m/n/10 L. Katz, ``A new status index derived from sociometric analys
is,''
[]
) [7
[11
] (./Schrick-Noah_CS-7863_Final-Report.aux) )
]) [12] (./Schrick-Noah_CS-7863_Final-Report.aux)
LaTeX Warning: There were undefined references.
LaTeX Warning: There were multiply-defined labels.
)
Here is how much of TeX's memory you used:
5376 strings out of 478238
96547 string characters out of 5850456
398315 words of memory out of 5000000
23553 multiletter control sequences out of 15000+600000
473860 words of font info for 43 fonts, out of 8000000 for 9000
5457 strings out of 478238
98314 string characters out of 5850456
398577 words of memory out of 5000000
23620 multiletter control sequences out of 15000+600000
474340 words of font info for 48 fonts, out of 8000000 for 9000
1141 hyphenation exceptions out of 8191
67i,8n,77p,1807b,289s stack positions out of 5000i,500n,10000p,200000b,80000s
</usr/share/texmf-dist/fonts/type1
/public/amsfonts/cm/cmbx10.pfb></usr/share/texmf-dist/fonts/type1/public/amsfon
ts/cm/cmbx12.pfb></usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmex10.p
fb></usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmmi10.pfb></usr/share
/texmf-dist/fonts/type1/public/amsfonts/cm/cmmi7.pfb></usr/share/texmf-dist/fon
ts/type1/public/amsfonts/cm/cmr10.pfb></usr/share/texmf-dist/fonts/type1/public
/amsfonts/cm/cmr12.pfb></usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cm
r17.pfb></usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmr7.pfb></usr/sh
are/texmf-dist/fonts/type1/public/amsfonts/cm/cmsy7.pfb></usr/share/texmf-dist/
fonts/type1/public/amsfonts/cm/cmti10.pfb>
Output written on Schrick-Noah_CS-7863_Final-Report.pdf (7 pages, 161981 bytes)
.
</usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmbx10.pfb></usr/share/
texmf-dist/fonts/type1/public/amsfonts/cm/cmbx12.pfb></usr/share/texmf-dist/fon
ts/type1/public/amsfonts/cm/cmex10.pfb></usr/share/texmf-dist/fonts/type1/publi
c/amsfonts/cm/cmmi10.pfb></usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/
cmmi7.pfb></usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmr10.pfb></usr
/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmr12.pfb></usr/share/texmf-di
st/fonts/type1/public/amsfonts/cm/cmr17.pfb></usr/share/texmf-dist/fonts/type1/
public/amsfonts/cm/cmr6.pfb></usr/share/texmf-dist/fonts/type1/public/amsfonts/
cm/cmr7.pfb></usr/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmr8.pfb></us
r/share/texmf-dist/fonts/type1/public/amsfonts/cm/cmsy10.pfb></usr/share/texmf-
dist/fonts/type1/public/amsfonts/cm/cmsy7.pfb></usr/share/texmf-dist/fonts/type
1/public/amsfonts/cm/cmti10.pfb></usr/share/texmf-dist/fonts/type1/public/doubl
estroke/dsrom10.pfb>
Output written on Schrick-Noah_CS-7863_Final-Report.pdf (12 pages, 306685 bytes
).
PDF statistics:
83 PDF objects out of 1000 (max. 8388607)
51 compressed objects within 1 object stream
123 PDF objects out of 1000 (max. 8388607)
74 compressed objects within 1 object stream
0 named destinations out of 1000 (max. 500000)
1 words of extra memory for PDF output out of 10000 (max. 10000000)
11 words of extra memory for PDF output out of 10000 (max. 10000000)

BIN
Report/Schrick-Noah_CS-7863_Final-Report.pdf
View File

Binary file not shown.

75
Report/Schrick-Noah_CS-7863_Final-Report.tex
View File

@ -8,6 +8,7 @@
\usepackage[noend]{algpseudocode}
\usepackage{ifpdf} % Detect PDF or DVI mode
\usepackage{babel} % Bibliography
\usepackage{dsfont} % mathbb
\usepackage[utf8]{inputenc}
\usepackage{float}
@ -40,12 +41,12 @@ Compliance graphs are an alternate form of attack graphs, utilized specifically
The semantics of compliance graphs are similar to that of attack graphs, but with a few differences regarding the information at each state. While security and compliance statuses are related, the information that is analyzed in compliance graphs is focused less on certain security properties, and is expanded to also examine administrative policies and properties of systems. Since compliance and regulation is broad and can vary by industry and application, the information to analyze can range from safety regulations, maintenance compliance, or any other regulatory compliance. However, the graph structure of compliance graphs is identical to that of attack graphs, where edges represent a modification to the systems, and nodes represent all current information in the system.
\subsection{Difficulties of Compliance Graph Analysis}
Analysis of directed graphs is not as simple as their undirected counterparts, and attack and compliance graphs are directed acyclic graphs. The primary contributor to the increased difficulty is due to the asymmetric adjacency matrix present in directed graphs. With undirected graphs, simplifications can be made in the analysis process both computationally and conceptually. Since the ``in" degrees are equal to the ``out" degrees, less work is required both in terms of parsing the adjacency matrix, but also in terms of determining importance of nodes. As the author of \cite{Mieghem2018DirectedGA} discusses, the difficulty of directed graphs also extends to the graph Laplacian, where the definition for asymmetric adjacency matrices is not uniquely defined, and is based on either row or column sums computing to zero, but both cannot. The author of \cite{Mieghem2018DirectedGA} continues to discuss that directed graphs lead to complex eigenvalues, and can lead to adjacency matrices that are unable to be diagonalized. These challenges require different approaches for typical clustering or centrality measures.
Analysis of directed graphs is not as simple as their undirected counterparts, and attack and compliance graphs are directed acyclic graphs. The primary contributor to the increased difficulty is due to the asymmetric adjacency matrix present in directed graphs. With undirected graphs, simplifications can be made in the analysis process both computationally and conceptually. Since the ``in" degrees are equal to the ``out" degrees, less work is required both in terms of parsing the adjacency matrix, but also in terms of determining importance of nodes. The author of \cite{newman2010networks} discusses that common analysis techniques such as eigenvector centrality is often unapplicable to directed acyclic graphs. As the author of \cite{Mieghem2018DirectedGA} discusses, the difficulty of directed graphs also extends to the graph Laplacian, where the definition for asymmetric adjacency matrices is not uniquely defined, and is based on either row or column sums computing to zero, but both cannot. The author of \cite{Mieghem2018DirectedGA} continues to discuss that directed graphs lead to complex eigenvalues, and can lead to adjacency matrices that are unable to be diagonalized. These challenges require different approaches for typical clustering or centrality measures.
\section{Related Works}
The author of \cite{ming_diss} presents three centrality measures that were applied to various attack graphs. The centrality measures implemented were Katz, K-path Edge, and Adapted PageRank. Each of these centrality measures are applicable to the directed format of attack graphs, and conclusions can be drawn regarding patching schemes for preventing exploits. As an approach for avoiding complex eigenvalues, the authors of \cite{Guo2017HermitianAM} present work examining directed, undirected, and mixed graphs using its Hermitian adjacency matrix. Other works, such as that discussed by the author of \cite{Mieghem2018DirectedGA} include mathematical manipulation of directed graph spectra (originally presented by the author of \cite{Brualdi2010SpectraOD}) with Schur's Theorem to bound eigenvalues and allow for explicit computation, which can then be used for additional analysis metrics.
\section{Experimental Networks}
\section{Experimental Networks} \label{sec:networks}
The work conducted in this approach utilized three compliance graphs, with their properties displayed in Table \ref{table:networks}. Connectivity in this table refers to the mean degree, divided by the number of nodes in the network, multiplied by 100 to get the number in a percentage form. Network 1 is a vehicle maintenance network. This network has one car asset that is deemed ``brand new", and has no mileage. This network is examined at its current state, and progresses through time with time steps of 1 month, up to 12 months total. At each time step the car gains mileage and increases its age property, and is reexamined to evaluate its standing in regards to its vehicular regulatory maintenance schedule. Network 2 is an artificial company network that is attempting to maintain HIPAA compliance \cite{noauthor_health_1996}. This network examines its standing in relation to security properties that are required per HIPAA guidelines, as well as employee cooperation to training and administrative policies. This network is also progressed through time to illustrate the company's standing in relation to yearly audits and trainings that must be followed. Employees are also added and removed through the network at set points during the time progression process. Network 3 is another artificial company network. This company is attempting to maintain PCI DSS compliance \cite{PCI}. This network generation was static and did not progress through time. This network examined the company and its current state, and examined all changes that could occur. These changes were primarily tied to security properties such as physical break-ins on the property, firewalls being disabled, default system settings, and encryption expiration.
\begin{table}[]
@ -61,41 +62,93 @@ The work conducted in this approach utilized three compliance graphs, with their
\label{table:networks}
\end{table}
\section{Centralities}
\section{Centralities and their Applications to Compliance Graphs} \label{sec:centralities}
\subsection{Introduction}
The author of \cite{PMID:30064421} provides a survey of centrality measures, and discusses how various centrality measures have been implemented and brought forth in order to determine node importance in networks. By determining the importance of nodes, various conclusions can be drawn regarding the network. In the case of compliance graphs, conclusions can be drawn regarding the prioritization of patching or correction schemes. If one node is known to lead to the creation of many other nodes, it may be said that a patch is imperative to prevent further opportunities for compliance violation. This work discusses five centrality measures, and discusses their application to compliance graphs.
\subsection{Degree}
Degree centrality is a trivial, localized measure of node importance based on the number of edges that a node has. In an undirected graph, the degree centrality is predicated solely on the number of edges. However, in the case of a directed graph, a distinction is drawn with a degree centrality oriented on the number of edges coming into a node, and another measure focused on the number of edges leaving a node. Both of these cases provide useful information for compliance graphs. When a node has a large number of other nodes it points to, this node may be prioritized since it creates further opportunity for violation. When a node has a large number of edges pointing to it, this node may be prioritized since the probability that systems may enter this state is higher due to the increased number of ways that a system could lead to this state.
\subsection{Betweenness}
\subsection{Betweenness}\label{sec:between}
Betweenness centrality ranks node importance based on its ability to transfer information flow in a network. For all pairs of nodes in a network, a shortest path is determined. A node that is in this shortest path is considered to have importance. The total betweenness centrality is based on the number of shortest paths that pass through a given node. For compliance graphs, the shortest paths are useful to identify the quickest way that systems may fall out of compliance. By prioritizing the nodes that fall in the highest number of shortest paths, correction schemes can be employed to prolong or prevent systems from falling out of compliance.
Betweenness centrality is given in Equation \ref{eq:between}, where \textit{i} and \textit{j} are two different, individual nodes in the network, $\sigma_{ij}$ is the total number of shortest paths from \textit{i} to \textit{j}, and $\sigma _{ij}(v)$ is the number of shortest paths that include a node \textit{v}.
\begin{equation}
\sum_{s \neq v \neq t} \frac{\sigma_{ij}(v)}{\sigma_{ij}}
\sum_{i \neq i \neq v} \frac{\sigma_{ij}(v)}{\sigma_{ij}}
\label{eq:between}
\end{equation}
\subsection{Katz}
Katz centrality was first introduced by the author of \cite{Katz}, and measures the importance of nodes through all paths in a network, and is not limited to solely the shortest path between any two given nodes. The original work by the author defines Katz as seen in Equation \ref{eq:Katz}.
Katz centrality was first introduced by the author of \cite{Katz}, and measures the importance of nodes through all paths in a network. Katz centrality varies in that its centrality measure is not limited to solely the shortest path between any two given nodes. The original work by the author defines Katz as seen in Equation \ref{eq:Katz}, where \textit{i} and \textit{j} are nodes in the network, \textit{n} is the total number of nodes in the network, \textit{A} is the adjacency matrix, and $\alpha$ is an attenuation factor and has a value between 0 and 1. From this, a value of 1 is assigned if node \textit{i} is connected to node \textit{j}.
\begin{equation}
C_{\mathrm {Katz} }(i)=\sum _{k=1}^{\infty }\sum _{j=1}^{n}\alpha ^{k}(A^{k})_{ji}
\label{eq:Katz}
\end{equation}
Later works have expanded on the original Katz to include a $\beta$ vector that allows for additional scaling in the instance that prior knowledge of the network exists. The modified equation can be seen in Equation \ref{eq:mod_katz}.
\begin{equation}
\vec{x} = \left(I - \alpha A \right)^{-1}\vec{\beta}
\label{eq:mod_katz}
\end{equation}
For compliance graphs, Katz centrality represents the total number of paths that exist from a given node to any other downstream nodes, and is scaled based on the attenuation factor as well as the prior knowledge vector $\beta$. When the Katz centrality of a given node is high, prioritizing a correction scheme for the node would be useful to prevent opportunity of future compliance violations that may be many steps ahead, but still reachable from the current state.
\subsection{K-Path Edge}
K-path edge centrality, as discussed by the authors of \cite{K_Path_Edge}, is predicated on information passing through a network as a means of generalizing k-path centrality. With K-path edge centrality, importance is based on the edges of the network. One difference from betweenness centrality, is that as discussed in Section \ref{sec:between}, betweenness centrality is global and counts all nodes in a the shortest path. K-path edge centrality is localized, and is constrained by \textit{k} steps from a given node. Equation \ref{eq:kpe} displays the centrality measure for K-path edge centrality, where \textit{m} is a given edge in the network, \textit{N} is the total number of nodes in the network, $\delta_{n}^{(K)}$ is the number of K-paths from node \textit{n}, and $\delta_{n}^{(K)}(m)$ is the number of K-paths from node \textit{n} that include edge \textit{m}.
\begin{equation}
L^{(K)}(m) = \sum_{n = 1}^{N}\frac{\delta_{n}^{(K)}(m)}{\delta_{n}^{(K)}}
\label{eq:kpe}
\end{equation}
For compliance graphs, K-path edge centrality is useful to identify a short chain of changes that may result in a compliance violation. If a node has a high K-path edge centrality and it is likely that the system will be put into that node, then a series of changes could occur that could then put the system in a different states. Prioritizing nodes that have a high K-path edge centrality could be useful in deterring a short chain of changes that could cripple the system further. It is also useful to prevent states where the system is near a compliance violation.
\subsection{Adapted Page Rank}
The original PageRank algorithm was first designed by the authors of \cite{PageRank} for the Google prototype for ranking web pages. The authors of \cite{Adapted_PageRank} later introduced an Adapated PageRank that was designed to measure both the number and quality of connections specifically for an urban network. Equation \ref{eq:PR} displays the PageRank algorithm, where $\gamma$ is a damping factor with a value between 0 and 1, \textit{n} is the total number of nodes in the network, \textit{A} is the adjacency matrix of the network, \textit{i} and \textit{j} represent the row and column of the adjacency matrix, \textit{x} is a given node in the network, and \textit{k} is the row sum out degree. Since the Adapted PageRank algorithm measures the quality of connections, there is increased application to directed networks such as compliance graphs. As seen in Equation \ref{eq:PR}, the \textit{k$_j$} term is a penalizing factor. Importance is based on the in degree of a node, with a penalty for the out degree. If many nodes point to a given node, then that node is said to be important due to its accessibility.
\begin{equation}
x_i = \frac{1-\gamma}{n} + \gamma\sum_{j = 1}^{n}\frac{A_{ij}}{k_j}x_j
\label{eq:PR}
\end{equation}
The adapted PageRank algorithm includes additional data that may be present in an urban network, such as geographical position, resource availability, and proximity to facilities. This data is user-defined, and may not be present in the network. Equation \ref{eq:APC} displays the Adapated PageRank algorithm in matrix form where \textit{D} is the user-defined data matrix, \textit{I} is the identity matrix, and $\mathds{1}$ is a column matrix comprised of 1s.
\begin{equation}
(I-\gamma A D)\vec{x} = \frac{1-\gamma}{n}\mathds{1}
\label{eq:APC}
\end{equation}
For compliance graphs, the Adapted Page Rank algorithm is useful for a few reasons. First, it is able to include user-defined data regarding the network. This could include scaling certain nodes to have greater weight, such as those known to be a compromised state. Second, since nodes are penalized for pointing to other nodes, this algorithm is useful for determining nodes that are likely to be visited. If a state has a greater in degree, it may need prioritization since the system has a higher likelihood of being placed in this state.
\section{Transitive Closure}
\subsection{Introduction}
\subsection{Application}
\subsection{Introduction and Application}
Transitive closure represents a transitive relation on a given binary set, and can be used to determine reachability of a given network. Figure \ref{fig:TC} \footnote{Image origin can be located at: https://commons.wikimedia.org/wiki/File:Transitive-closure.svg, and this image has been licensed under the terms of the GNU Free Documentation License.} displays an example output when performing transitive closure. In context of compliance graphs, it is useful to consider that an adversary (whether an internal or external malicious actor, poor policy execution by an organization, accidental misuse, or any other adversarial occurrence) could have no time constraints. That is, for any given state of the system or set of systems, an adversarial act could have ``infinite" time to perform a series of actions. If no prior knowledge is known about the network, it can be assumed that all changes performed on the systems are equally likely. In practice, specifying a probability that a change can occur has been performed through a Markov Decision Process, such as that seen by the authors of \cite{li_combining_2019} and \cite{zeng_cyber_2017}. When under these assumptions, it is useful to then consider which nodes are important, assuming they have 1-step reachability to any downstream node they may have a transitive connection to. As a result, a transitive closure was identified for all networks described in
Section \ref{sec:networks}, and this transitive closure was then analyzed through the five centrality methods discussed in Section \ref{sec:centralities}. Results and a discussion of the results can be seen in Section \ref{sec:results}.
\begin{figure}[htp]
\includegraphics[width=\linewidth]{"./images/Transitive-closure.png"}
\vspace{.2truein} \centerline{}
\caption{Example of Transitive Closure}
\label{fig:TC}
\end{figure}
\section{Dominant Tree}
\subsection{Introduction}
\subsection{Application}
\subsection{Introduction and Application}
Dominance, as initially introduced by the author of \cite{dominance} in terms of flow, is defined as a node that is in every path to another node. For instance, if a node \textit{i} is a destination node, and every path to \textit{i} from a source node includes node \textit{j}, then node \textit{j} is said to dominate node \textit{i}. Figure \ref{fig:pre-DTree} \footnote{Image origin can be located at: https://commons.wikimedia.org/wiki/File:Dominator$\_$control$\_$flow$\_$graph.svg, and this image has been released into the public domain for use for any purpose, unless such conditions are required by law.} displays an example starting network. With node 1 being the source node, it is evident that node 2 immediately dominates nodes 3, 4, 5, and 6, since all messages from node 1 must pass through node 2. By definition, each node must also dominate itself, so node 2 also dominates node 2.
\section{Results and Result Analysis}
\begin{figure}[htp]
\includegraphics[width=\linewidth]{"./images/pre-Dtree.png"}
\vspace{.2truein} \centerline{}
\caption{Example Network for Illustrating Dominance}
\label{fig:TC}
\end{figure}
\section{Results and Result Analysis} \label{sec:results}
\section{Conclusions and Future Work}

20
Report/Schrick-Noah_CS-7863_Final-Report.toc
View File

@ -5,19 +5,17 @@
\contentsline {subsection}{\numberline {1.3}Difficulties of Compliance Graph Analysis}{3}{}%
\contentsline {section}{\numberline {2}Related Works}{3}{}%
\contentsline {section}{\numberline {3}Experimental Networks}{4}{}%
\contentsline {section}{\numberline {4}Centralities}{4}{}%
\contentsline {section}{\numberline {4}Centralities and their Applications to Compliance Graphs}{4}{}%
\contentsline {subsection}{\numberline {4.1}Introduction}{4}{}%
\contentsline {subsection}{\numberline {4.2}Degree}{5}{}%
\contentsline {subsection}{\numberline {4.3}Betweenness}{5}{}%
\contentsline {subsection}{\numberline {4.4}Katz}{6}{}%
\contentsline {subsection}{\numberline {4.5}K-Path Edge}{6}{}%
\contentsline {subsection}{\numberline {4.6}Adapted Page Rank}{6}{}%
\contentsline {section}{\numberline {5}Transitive Closure}{6}{}%
\contentsline {subsection}{\numberline {5.1}Introduction}{6}{}%
\contentsline {subsection}{\numberline {5.2}Application}{6}{}%
\contentsline {section}{\numberline {6}Dominant Tree}{6}{}%
\contentsline {subsection}{\numberline {6.1}Introduction}{6}{}%
\contentsline {subsection}{\numberline {6.2}Application}{6}{}%
\contentsline {section}{\numberline {7}Results and Result Analysis}{6}{}%
\contentsline {section}{\numberline {8}Conclusions and Future Work}{6}{}%
\contentsline {section}{Bibliography}{7}{}%
\contentsline {subsection}{\numberline {4.6}Adapted Page Rank}{7}{}%
\contentsline {section}{\numberline {5}Transitive Closure}{8}{}%
\contentsline {subsection}{\numberline {5.1}Introduction and Application}{8}{}%
\contentsline {section}{\numberline {6}Dominant Tree}{9}{}%
\contentsline {subsection}{\numberline {6.1}Introduction and Application}{9}{}%
\contentsline {section}{\numberline {7}Results and Result Analysis}{9}{}%
\contentsline {section}{\numberline {8}Conclusions and Future Work}{9}{}%
\contentsline {section}{Bibliography}{11}{}%

BIN
Report/images/Transitive-closure.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 100 KiB

BIN
Report/images/pre-Dtree.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 25 KiB