Vulnerability Categorization for Fast Multistep Attack Modelling
Main Authors: | , |
---|---|
Format: | Article |
Language: | English |
Published: | FRUCT 2023-05-01 |
Series: | Proceedings of the XXth Conference of Open Innovations Association FRUCT |
Subjects: | |
Online Access: | https://www.fruct.org/publications/volume-33/fruct33/files/Lev.pdf |
Summary: | For many years, attack graphs have been one of the most popular approaches to modelling multistep attacks. This approach makes it possible to evaluate the possibility of each host in the system being compromised and to find the attack paths with the highest probability and impact. This paper describes an original approach to vulnerability categorisation for fast multistep attack modelling. The novelty of the approach lies in the categorisation of all available CVEs into 24 categories according to their access vector and their initial and obtained access rights. After that, only the categories, instead of the individual vulnerabilities, are used to construct the attack graph of each host of the analysed system. This makes the process more computationally efficient for each host, and the computations can be done in parallel. Moreover, we introduce assumptions to integrate the second and third versions of the CVSS vulnerability descriptions and to allow transitions of the attacker between different access vectors. For the experimental evaluation of the approach, hosts with 10 random CVEs and CPEs were generated, from 10 hosts to 250, with 10 hosts added at each step. Then each host was analysed to determine whether it is vulnerable, based on the list of CVEs and their categories. Each step of the host generation was done 5 times, and the average time consumption was taken as the result. The same experiment was then repeated with 50 random CVEs and CPEs for each host. The results showed that the suggested approach is 13.4 times faster on average for 10 CVEs and CPEs, and 23.0 times faster for 50 CVEs and CPEs. Moreover, we tested the suggested approach on a fixed number of 100 hosts, changing the number of random CVEs and CPEs per host from 10 to 100 in steps of 10. This experiment showed that the categories-based approach is 30.7 times faster on average. In addition, the pros and cons of the proposed approach and future work directions are indicated. |
ISSN: | 2305-7254 2343-0737 |