In this work we propose a novel formulation that models the attack and compromise on a cyber network as a combination of two parts - direct compromise of a host and the compromise occurring through the spread of the attack on the network from a compromised host. The model parameters for the nodes are a concise representation of the host profiles that can include the risky behaviors of the associated human users while the model parameters for the edges are based on the existence of vulnerabilities between each pair of connected hosts. The edge models relate to the summary representations of the corresponding attack-graphs. This results in a formulation based on Random Walk with Restart (RWR) and the resulting centrality metric can be solved for in an efficient manner through the use of sparse linear solvers. Thus the formulation goes beyond mere topological considerations in centrality computations by summarizing the host profiles and the attack graphs into the model parameters. The computational efficiency of the method also allows us to also quantify the uncertainty in the centrality measure through Monte Carlo analysis.
Revised: January 13, 2017 |
Published: May 10, 2016
Citation
Sathanur A.V., and D.J. Haglin. 2016.A Novel Centrality Measure for Network-wide Cyber Vulnerability Assessment. In IEEE Symposium on Technologies for Homeland Security (HST 2016), May 10-11, 2016, Waltham, MA. Piscataway, New Jersey:IEEE.PNNL-SA-116655.doi:10.1109/THS.2016.7568924