Visible to the public A Graph-Based Impact Metric for Mitigating Lateral Movement Cyber Attacks

TitleA Graph-Based Impact Metric for Mitigating Lateral Movement Cyber Attacks
Publication TypeConference Paper
Year of Publication2016
AuthorsPurvine, Emilie, Johnson, John R., Lo, Chaomei
Conference NameProceedings of the 2016 ACM Workshop on Automated Decision Making for Active Cyber Defense
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4566-8
KeywordsAttack Graphs, Big Data, big data security, big data security metrics, comparability, Computing Theory, control theory, cyber security, Dynamical Systems, graph, impact metric, Metrics, pubcrawl, Resiliency, security, security metrics, signature based defense

Most cyber network attacks begin with an adversary gaining a foothold within the network and proceed with lateral movement until a desired goal is achieved. The mechanism by which lateral movement occurs varies but the basic signature of hopping between hosts by exploiting vulnerabilities is the same. Because of the nature of the vulnerabilities typically exploited, lateral movement is very difficult to detect and defend against. In this paper we define a dynamic reachability graph model of the network to discover possible paths that an adversary could take using different vulnerabilities, and how those paths evolve over time. We use this reachability graph to develop dynamic machine-level and network-level impact scores. Lateral movement mitigation strategies which make use of our impact scores are also discussed, and we detail an example using a freely available data set.

Citation Keypurvine_graph-based_2016