Cyber Security Webinar by Azqa Nadeem MSc: Alert-driven attack graph generation using S-PDFA

19 January 2021, 12:00 to 12:45 - Location: Zoom

https://tudelft.zoom.us/j/97432813667?pwd=anpxeE05UklsVzRJaFVUNjJZb01PQT09
Meeting ID: 974 3281 3667
Passcode: 544526

Attack graphs (AGs) are insightful models of attacker strategies that show the paths attackers follow to break in. Existing work on AG generation requires expensive expert knowledge and published vulnerability reports, which do not yet exist for unreported vulnerabilities. However, there is an abundance of intrusion alerts from prior security incidents.

In this talk, I introduce Alert-driven Attack Graphs (AGs) that are generated purely from intrusion alerts, without a priori expert knowledge. The method exploits the temporal and probabilistic dependence between alerts in a Suffix-based Probabilistic Deterministic Finite Automaton (S-PDFA) — a model that brings infrequent severe alerts into the spotlight and summarizes paths to contextually similar severe states. AGs are then extracted from the model on a per-objective, per-victim basis. The AGs are succinct, interpretable and provide actionable intelligence about attack progression, such as strategic differences and overlapping attack paths. They even show that attackers tend to follow shorter paths after they have discovered a longer one.