DocumentCode :
630117
Title :
A graph analytic metric for mitigating advanced persistent threat
Author :
Johnson, James R. ; Hogan, Emilie A.
Author_Institution :
Pacific Northwest Nat. Lab., Richland, WA, USA
fYear :
2013
fDate :
4-7 June 2013
Firstpage :
129
Lastpage :
133
Abstract :
This paper introduces a novel graph analytic metric that can be used to measure the potential vulnerability of a cyber network to specific types of attacks that use lateral movement and privilege escalation, such as the well-known Pass The Hash (PTH). The metric is computed from an oriented subgraph of the underlying cyber network induced by selecting only those edges for which a given property holds between the two vertices of the edge. The metric with respect to a select node on the subgraph is defined as the likelihood that the select node is reachable from another arbitrary node in the graph. This metric can be calculated dynamically from the authorization and auditing layers during the network security authorization phase and will potentially enable predictive deterrence against attacks such as PTH.
Keywords :
authorisation; computer network security; graph theory; advanced persistent threat mitigation; auditing layers; authorization layers; cyber network vulnerability; edge selection; edge vertices; graph analytic metrics; lateral movement; network security authorization phase; node selection; oriented subgraph; predictive deterrence; privilege escalation; Authentication; Authorization; Graph theory; Heuristic algorithms; Measurement; Presses; cybersecurity; discrete mathematics; graph theory;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Intelligence and Security Informatics (ISI), 2013 IEEE International Conference on
Conference_Location :
Seattle, WA
Print_ISBN :
978-1-4673-6214-6
Type :
conf
DOI :
10.1109/ISI.2013.6578801
Filename :
6578801