Design procedure of knowledge base for practical attack graph generation

Masaki Inokuchi, Yoshinobu Ohta, Shunichi Kinoshita, Tomohiko Yagyu, Orly Stan, Ron Bitton, Yuval Elovici, Asaf Shabtai

Proceedings of the 2019 ACM Asia Conference on Computer and Communications …, 2019

Cyber security assessment is an essential activity for understanding the security risks in an enterprise environment. While many tools have been developed to evaluate the security risks of individual hosts, it is still a challenge to identify multi-hop cyber security risks in a large-scale environment. An attack graph, which provides a comprehensive view of attacks, assists in identifying high-risk attack paths and efficiently deploying countermeasures. Several frameworks that generate an attack graph from system information and a knowledge base have also been developed in the past. Although these tools are widely adopted, their expression capabilities are insufficient. Expansion of the knowledge base is needed to handle comprehensive attack scenarios. In this research, we developed an attack graph generation system by extending the MulVAL framework, which is widely adopted due to its high extensibility …