Abstract

An attack graph is a crucial tool for network security analysis. Traditionally, network administrators use attack graphs to generate possible attack paths and estimate the attack probability (risk) in a networked environment. However, the attack probability alone does not give enough direction for choosing security measures. Furthermore, the attack probability has not been combined with the topological influence factors of the attack nodes, which also contribute to the propagation of cyberattacks. This work proposes a cyber risk assessment platform that enhances cyber situational awareness by addressing those gaps. We first present methods to compute cyber risk using the attack graph and then extract network topological influence factors (i.e., features) using graph centrality measures. Next, we apply unsupervised learning to the extracted features to find the network's highly exploitable attack points. Finally, we use graph embedding techniques to identify the objective similarity among the attack privilege nodes. We illustrate the applications of our machine learning-based cyber risk assessment platform using a SCADA (supervisory control and data acquisition) case study for cyber-physical power systems. The simulation results demonstrate that applying machine learning techniques to the attack graph gives the platform a better understanding of cyber risk assessment and situational awareness.
