Automated Enrichment of Logical Attack Graphs via Formal Ontologies

Kéren Saint-Hilaire; Frédéric Cuppens; Nora Cuppens; Joaquin Garcia-Alfaro

doi:10.1007/978-3-031-56326-3_5

Automated Enrichment of Logical Attack Graphs via Formal Ontologies

Kéren Saint-Hilaire
, Frédéric Cuppens
, Nora Cuppens
, Joaquin Garcia-Alfaro

Telecom Sudparis
Chair CRITiCAL
Université de Montréal/Polytechnique

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Attack graphs represent the possible actions of adversaries to attack a system. Cybersecurity experts use them to make decisions concerning remediation and recovery plans. There are different attack graph-building approaches. We focus on logical attack graphs. Networks and vulnerabilities constantly change; we propose an attack graph enrichment approach based on semantic augmentation post-processing of the logic predicates. Mapping attack graphs with alerts from a monitored system allows for confirming successful attack actions and updating according to network and vulnerability changes. The predicates get periodically updated based on attack evidence and ontology knowledge, allowing us to verify whether changes lead the attacker to the initial goals or cause further damage to the system not anticipated in the initial graphs. We illustrate our approach using a specific cyber-physical scenario affecting smart cities.

Original language	English
Title of host publication	ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers
Editors	Norbert Meyer, Anna Grocholewska-Czuryło
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	59-72
Number of pages	14
ISBN (Print)	9783031563256
DOIs	https://doi.org/10.1007/978-3-031-56326-3_5
Publication status	Published - 1 Jan 2024
Event	38th IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection, SEC 2023 - Poznan, Poland Duration: 14 Jun 2023 → 16 Jun 2023

Publication series

Name	IFIP Advances in Information and Communication Technology
Volume	679 IFIPAICT
ISSN (Print)	1868-4238
ISSN (Electronic)	1868-422X

Conference

Conference	38th IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection, SEC 2023
Country/Territory	Poland
City	Poznan
Period	14/06/23 → 16/06/23

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 11 Sustainable Cities and Communities

Keywords

Attack Graph
Cybsersecurity
Defense Graph
Ontology

Access to Document

10.1007/978-3-031-56326-3_5

Cite this

Saint-Hilaire, K., Cuppens, F., Cuppens, N., & Garcia-Alfaro, J. (2024). Automated Enrichment of Logical Attack Graphs via Formal Ontologies. In N. Meyer, & A. Grocholewska-Czuryło (Eds.), ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers (pp. 59-72). (IFIP Advances in Information and Communication Technology; Vol. 679 IFIPAICT). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-56326-3_5

Saint-Hilaire, Kéren ; Cuppens, Frédéric ; Cuppens, Nora et al. / Automated Enrichment of Logical Attack Graphs via Formal Ontologies. ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers. editor / Norbert Meyer ; Anna Grocholewska-Czuryło. Springer Science and Business Media Deutschland GmbH, 2024. pp. 59-72 (IFIP Advances in Information and Communication Technology).

@inproceedings{c3bb41af3d16405aae8d4d76a178e098,

title = "Automated Enrichment of Logical Attack Graphs via Formal Ontologies",

abstract = "Attack graphs represent the possible actions of adversaries to attack a system. Cybersecurity experts use them to make decisions concerning remediation and recovery plans. There are different attack graph-building approaches. We focus on logical attack graphs. Networks and vulnerabilities constantly change; we propose an attack graph enrichment approach based on semantic augmentation post-processing of the logic predicates. Mapping attack graphs with alerts from a monitored system allows for confirming successful attack actions and updating according to network and vulnerability changes. The predicates get periodically updated based on attack evidence and ontology knowledge, allowing us to verify whether changes lead the attacker to the initial goals or cause further damage to the system not anticipated in the initial graphs. We illustrate our approach using a specific cyber-physical scenario affecting smart cities.",

keywords = "Attack Graph, Cybsersecurity, Defense Graph, Ontology",

author = "K{\'e}ren Saint-Hilaire and Fr{\'e}d{\'e}ric Cuppens and Nora Cuppens and Joaquin Garcia-Alfaro",

note = "Publisher Copyright: {\textcopyright} IFIP International Federation for Information Processing 2024.; 38th IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection, SEC 2023 ; Conference date: 14-06-2023 Through 16-06-2023",

year = "2024",

month = jan,

day = "1",

doi = "10.1007/978-3-031-56326-3\_5",

language = "English",

isbn = "9783031563256",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "59--72",

editor = "Norbert Meyer and Anna Grocholewska-Czury{\l}o",

booktitle = "ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers",

}

Saint-Hilaire, K, Cuppens, F, Cuppens, N & Garcia-Alfaro, J 2024, Automated Enrichment of Logical Attack Graphs via Formal Ontologies. in N Meyer & A Grocholewska-Czuryło (eds), ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers. IFIP Advances in Information and Communication Technology, vol. 679 IFIPAICT, Springer Science and Business Media Deutschland GmbH, pp. 59-72, 38th IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection, SEC 2023, Poznan, Poland, 14/06/23. https://doi.org/10.1007/978-3-031-56326-3_5

Automated Enrichment of Logical Attack Graphs via Formal Ontologies. / Saint-Hilaire, Kéren; Cuppens, Frédéric; Cuppens, Nora et al.
ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers. ed. / Norbert Meyer; Anna Grocholewska-Czuryło. Springer Science and Business Media Deutschland GmbH, 2024. p. 59-72 (IFIP Advances in Information and Communication Technology; Vol. 679 IFIPAICT).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Automated Enrichment of Logical Attack Graphs via Formal Ontologies

AU - Saint-Hilaire, Kéren

AU - Cuppens, Frédéric

AU - Cuppens, Nora

AU - Garcia-Alfaro, Joaquin

N1 - Publisher Copyright: © IFIP International Federation for Information Processing 2024.

PY - 2024/1/1

Y1 - 2024/1/1

N2 - Attack graphs represent the possible actions of adversaries to attack a system. Cybersecurity experts use them to make decisions concerning remediation and recovery plans. There are different attack graph-building approaches. We focus on logical attack graphs. Networks and vulnerabilities constantly change; we propose an attack graph enrichment approach based on semantic augmentation post-processing of the logic predicates. Mapping attack graphs with alerts from a monitored system allows for confirming successful attack actions and updating according to network and vulnerability changes. The predicates get periodically updated based on attack evidence and ontology knowledge, allowing us to verify whether changes lead the attacker to the initial goals or cause further damage to the system not anticipated in the initial graphs. We illustrate our approach using a specific cyber-physical scenario affecting smart cities.

AB - Attack graphs represent the possible actions of adversaries to attack a system. Cybersecurity experts use them to make decisions concerning remediation and recovery plans. There are different attack graph-building approaches. We focus on logical attack graphs. Networks and vulnerabilities constantly change; we propose an attack graph enrichment approach based on semantic augmentation post-processing of the logic predicates. Mapping attack graphs with alerts from a monitored system allows for confirming successful attack actions and updating according to network and vulnerability changes. The predicates get periodically updated based on attack evidence and ontology knowledge, allowing us to verify whether changes lead the attacker to the initial goals or cause further damage to the system not anticipated in the initial graphs. We illustrate our approach using a specific cyber-physical scenario affecting smart cities.

KW - Attack Graph

KW - Cybsersecurity

KW - Defense Graph

KW - Ontology

U2 - 10.1007/978-3-031-56326-3_5

DO - 10.1007/978-3-031-56326-3_5

M3 - Conference contribution

AN - SCOPUS:85192385371

SN - 9783031563256

T3 - IFIP Advances in Information and Communication Technology

SP - 59

EP - 72

BT - ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers

A2 - Meyer, Norbert

A2 - Grocholewska-Czuryło, Anna

PB - Springer Science and Business Media Deutschland GmbH

T2 - 38th IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection, SEC 2023

Y2 - 14 June 2023 through 16 June 2023

ER -

Saint-Hilaire K, Cuppens F, Cuppens N, Garcia-Alfaro J. Automated Enrichment of Logical Attack Graphs via Formal Ontologies. In Meyer N, Grocholewska-Czuryło A, editors, ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2024. p. 59-72. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-3-031-56326-3_5