将证据图映射到攻击图

2012 IEEE International Workshop on Information Forensics and Security (WIFS) Pub Date : 2012-12-01 DOI:10.1109/WIFS.2012.6412636

Changwei Liu, A. Singhal, D. Wijesekera

{"title":"将证据图映射到攻击图","authors":"Changwei Liu, A. Singhal, D. Wijesekera","doi":"10.1109/WIFS.2012.6412636","DOIUrl":null,"url":null,"abstract":"Attack graphs compute potential attack paths from a system configuration and known vulnerabilities of a system. Evidence graphs model intrusion evidence and dependencies among them. In this paper, we show how to map evidence graphs to attack graphs. This mapping is useful for application of attack graphs and evidence graphs for forensic analysis. In addition to helping to refine attack graphs by using known sets of dependent attack evidence, important probabilistic information contained in evidence graphs can be used to compute or refine potential attack success probabilities obtained from repositories like CVSS. Conversely, attack graphs can be used to add missing evidence or remove irrelevant evidence trails to build a complete evidence graph. We illustrated the mapping by using a database attack as a case study.","PeriodicalId":396789,"journal":{"name":"2012 IEEE International Workshop on Information Forensics and Security (WIFS)","volume":"32 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2012-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"26","resultStr":"{\"title\":\"Mapping evidence graphs to attack graphs\",\"authors\":\"Changwei Liu, A. Singhal, D. Wijesekera\",\"doi\":\"10.1109/WIFS.2012.6412636\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Attack graphs compute potential attack paths from a system configuration and known vulnerabilities of a system. Evidence graphs model intrusion evidence and dependencies among them. In this paper, we show how to map evidence graphs to attack graphs. This mapping is useful for application of attack graphs and evidence graphs for forensic analysis. In addition to helping to refine attack graphs by using known sets of dependent attack evidence, important probabilistic information contained in evidence graphs can be used to compute or refine potential attack success probabilities obtained from repositories like CVSS. Conversely, attack graphs can be used to add missing evidence or remove irrelevant evidence trails to build a complete evidence graph. We illustrated the mapping by using a database attack as a case study.\",\"PeriodicalId\":396789,\"journal\":{\"name\":\"2012 IEEE International Workshop on Information Forensics and Security (WIFS)\",\"volume\":\"32 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2012-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"26\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2012 IEEE International Workshop on Information Forensics and Security (WIFS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/WIFS.2012.6412636\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2012 IEEE International Workshop on Information Forensics and Security (WIFS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WIFS.2012.6412636","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 26

摘要

攻击图根据系统配置和系统的已知漏洞计算潜在的攻击路径。证据图对入侵证据及其相互依赖关系进行建模。在本文中，我们展示了如何将证据图映射到攻击图。这种映射对于攻击图和证据图在法医分析中的应用是有用的。除了通过使用已知的依赖攻击证据集来帮助改进攻击图之外，证据图中包含的重要概率信息可用于计算或改进从CVSS等存储库获得的潜在攻击成功概率。相反，攻击图可以用来添加缺失的证据或删除不相关的证据轨迹，以构建完整的证据图。我们通过使用数据库攻击作为案例研究来说明这种映射。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Mapping evidence graphs to attack graphs

Attack graphs compute potential attack paths from a system configuration and known vulnerabilities of a system. Evidence graphs model intrusion evidence and dependencies among them. In this paper, we show how to map evidence graphs to attack graphs. This mapping is useful for application of attack graphs and evidence graphs for forensic analysis. In addition to helping to refine attack graphs by using known sets of dependent attack evidence, important probabilistic information contained in evidence graphs can be used to compute or refine potential attack success probabilities obtained from repositories like CVSS. Conversely, attack graphs can be used to add missing evidence or remove irrelevant evidence trails to build a complete evidence graph. We illustrated the mapping by using a database attack as a case study.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2012 IEEE International Workshop on Information Forensics and Security (WIFS)

自引率

0.00%

发文量

期刊最新文献

Designing steganographic distortion using directional filters AC-3 bit stream watermarking Privacy-preserving architecture for forensic image recognition Active content fingerprinting: A marriage of digital watermarking and content fingerprinting Optimum forensic and counter-forensic strategies for source identification with training data