Visible to the public Compressing Network Attack Surfaces for Practical Security Analysis

TitleCompressing Network Attack Surfaces for Practical Security Analysis
Publication TypeConference Paper
Year of Publication2021
AuthorsEverson, Douglas, Cheng, Long
Conference Name2021 IEEE Secure Development Conference (SecDev)
Keywordsanomaly detection, attack surface, banner grabbing, clustering, Clustering algorithms, Conferences, data structures, Manuals, Metrics, Network Attack Surface, pubcrawl, resilience, Resiliency, Scalability, security, Testing
AbstractTesting or defending the security of a large network can be challenging because of the sheer number of potential ingress points that need to be investigated and evaluated for vulnerabilities. In short, manual security testing and analysis do not easily scale to large networks. While it has been shown that clustering can simplify the problem somewhat, the data structures and formats returned by the latest network mapping tools are not conducive to clustering algorithms. In this paper we introduce a hybrid similarity algorithm to compute the distance between two network services and then use those calculations to support a clustering algorithm designed to compress a large network attack surface by orders of magnitude. Doing so allows for new testing strategies that incorporate outlier detection and smart consolidation of test cases to improve accuracy and timeliness of testing. We conclude by presenting two case studies using an organization's network attack surface data to demonstrate the effectiveness of this approach.
Citation Keyeverson_compressing_2021