n the pass-the-hash attack, hackers repeatedly steal password hashes and move through a computer network with the goal of reaching a computer with high level administrative privileges. In this paper we apply graph coarsening in network graphs for the purpose of detecting hackers using this attack or assessing the risk level of the network's current state. We repeatedly take graph minors, which preserve the existence of paths in the graph, and take powers of the adjacency matrix to count the paths. This allows us to detect the existence of paths as well as find paths that have high risk of being used by adversaries.
Revised: July 23, 2014 |
Published: January 1, 2013
Citation
Hogan E.A., J.R. Johnson, and M. Halappanavar. 2013.Graph Coarsening for Path Finding in Cybersecurity Graphs. In Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW 2013), January 8-10, 2013, Oak Ridge, Tennessee, edited by F Sheldon, et al, Paper No. 7. New York, New York:ACM.PNNL-SA-90064.doi:10.1145/2459976.2459984