CR | Feb 4, 2015

A Predictive Framework for Cyber Security Analytics using Attack Graphs

arXiv:1502.01240v1 | 67 citations
Originality: Incremental advance
AI Analysis

This work addresses the need for more realistic security analytics for organizations managing network risks, though it is incremental as it builds on existing attack graph analysis by adding temporal considerations.

The paper tackles the problem of inadequate security metrics for risk management by developing a stochastic framework that incorporates temporal aspects of vulnerabilities, such as exploit availability and patches, to provide quantitative security measures. The resulting model estimates daily transition-probability matrices using Frei's Vulnerability Lifecycle model and analyzes CVSS metrics over time.

Security metrics serve as a powerful tool for organizations to understand the effectiveness of protecting computer networks. However, the majority of these measurement techniques don't adequately help corporations to make informed risk management decisions. In this paper we present a stochastic security framework for obtaining quantitative measures of security by taking into account the dynamic attributes associated with vulnerabilities that can change over time. Our model is novel as existing research in attack graph analysis does not consider the temporal aspects associated with the vulnerabilities, such as the availability of exploits and patches, which can affect the overall network security based on how the vulnerabilities are interconnected and leveraged to compromise the system. In order to have a more realistic representation of how the security state of the network would vary over time, a nonhomogeneous model is developed which incorporates a time-dependent covariate, namely the vulnerability age. The daily transition-probability matrices are estimated using Frei's Vulnerability Lifecycle model. We also leverage the trusted CVSS metric domain to analyze how the total exploitability and impact measures evolve over a time period for a given network.
