• DocumentCode
    2972822
  • Title

    Mapping evidence graphs to attack graphs

  • Author

    Changwei Liu ; Singhal, Achintya ; Wijesekera, Duminda

  • Author_Institution
    Comput. Sci. Dept., George Mason Univ., Fairfax, VA, USA
  • fYear
    2012
  • fDate
    2-5 Dec. 2012
  • Firstpage
    121
  • Lastpage
    126
  • Abstract
    Attack graphs compute potential attack paths from a system configuration and known vulnerabilities of a system. Evidence graphs model intrusion evidence and dependencies among them. In this paper, we show how to map evidence graphs to attack graphs. This mapping is useful for application of attack graphs and evidence graphs for forensic analysis. In addition to helping to refine attack graphs by using known sets of dependent attack evidence, important probabilistic information contained in evidence graphs can be used to compute or refine potential attack success probabilities obtained from repositories like CVSS. Conversely, attack graphs can be used to add missing evidence or remove irrelevant evidence trails to build a complete evidence graph. We illustrated the mapping by using a database attack as a case study.
  • Keywords
    digital forensics; graph theory; probability; CVSS; attack graphs; attack paths; database attack; dependent attack evidence; evidence graph mapping; evidence graph model intrusion evidence; forensic analysis; potential attack success probability; probabilistic information; Databases; Forensics; IP networks; Measurement; Probabilistic logic; Servers; Workstations; attack graphs; attack success probabilities; evidence graphs; evidence probabilities; mapping algorithm;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Forensics and Security (WIFS), 2012 IEEE International Workshop on
  • Conference_Location
    Tenerife
  • Print_ISBN
    978-1-4673-2285-0
  • Electronic_ISBN
    978-1-4673-2286-7
  • Type

    conf

  • DOI
    10.1109/WIFS.2012.6412636
  • Filename
    6412636