Abstract
Many security sensors and other protection mechanisms are deployed at different levels to provide what is known as defense-in-depth for systems and networks. However, the large volume of security alerts makes it challenging for operators to analyze the attack situation and take an appropriate response. There are two major challenges in displaying and analyzing potentially very large and complex graphs of multi-step cyber attacks against networks based on network configurations. One is to transform large quantities of network security data into real-time actionable intelligence. The other is to visualize the complex graphs, including all possible network attack paths, while still keeping complexity manageable. We have proposed a comprehensive and innovative approach that is based on three bodies of work: attack graph research,1–4 alert correlation research,5–10 and attack visualization research.11–16 As can be seen in Figure 1, there are two major components: the attack analysis and attack-graph visualization modules. Based on these, we can easily display and analyze potentially very large and complex graphs of multi-step cyber attacks against networks based upon network vulnerabilities, connectivity, and attacker exploits. The attack graph visualization module consists of three fundamental blocks: hierarchy construction, hierarchical graph complexity reduction, and radial space-filling (RSF) hierarchy visualization. The visualization module provides access to all possible network attack paths while keeping complexity manageable via interactive hierarchical graph complexity reduction. Moreover, the RSF technique has the advantage of efficiently using the display space while conveying the hierarchical struc

Figure 1. Analysis and visualization model for large complex multistep cyber attack graphs.