Fast Attack Graph Defense Localization via Bisimulation

Nimrod Busany, Rafi Shalom, Dan Klein, Shahar Maoz*

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

System administrators, network engineers, and IT managers can learn much about the vulnerabilities of an organization’s cyber system by constructing and analyzing analytical attack graphs (AAGs). An AAG consists of logical rule nodes, fact nodes, and derived fact nodes. It provides a graph-based representation that describes ways by which an attacker can achieve progress towards a desired goal, a.k.a. a crown jewel. Given an AAG, different types of analyses can be performed to identify attacks on a target goal, measure the vulnerability of the network, and gain insights on how to make it more secure. However, as the size of the AAGs representing real-world systems may be very large, existing analyses are slow or practically impossible. In this paper, we introduce and show how to compute an AAG’s defense core: a locally minimal subset of the AAG’s rules whose removal will prevent an attacker from reaching a crown jewel. Most importantly, in order to scale up the performance of the detection of a defense core, we introduce a novel application of the well-known notion of bisimulation to AAGs. Our experiments show that the use of bisimulation results in significantly smaller graphs and in faster detection of defense cores, making them practical.

Original language: English
Title of host publication: Formal Methods - 26th International Symposium, FM 2024, Proceedings
Editors: André Platzer, Kristin Yvonne Rozier, Matteo Pradella, Matteo Rossi
Publisher: Springer Science and Business Media Deutschland GmbH
Pages: 245-263
Number of pages: 19
ISBN (Print): 9783031711619
State: Published - 2025
Event: 26th International Symposium on Formal Methods, FM 2024 - Milan, Italy
Duration: 9 Sep 2024 to 13 Sep 2024

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 14933 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 26th International Symposium on Formal Methods, FM 2024
Country/Territory: Italy
City: Milan
Period: 9/09/24 to 13/09/24
