Automated Enrichment of Logical Attack Graphs via Formal Ontologies

Kéren Saint-Hilaire; Frédéric Cuppens; Nora Cuppens; Joaquin Garcia-Alfaro

doi:10.1007/978-3-031-56326-3_5

Automated Enrichment of Logical Attack Graphs via Formal Ontologies

Kéren Saint-Hilaire
, Frédéric Cuppens
, Nora Cuppens
, Joaquin Garcia-Alfaro

Telecom Sudparis
Chair CRITiCAL
Université de Montréal/Polytechnique

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

Résumé

Attack graphs represent the possible actions of adversaries to attack a system. Cybersecurity experts use them to make decisions concerning remediation and recovery plans. There are different attack graph-building approaches. We focus on logical attack graphs. Networks and vulnerabilities constantly change; we propose an attack graph enrichment approach based on semantic augmentation post-processing of the logic predicates. Mapping attack graphs with alerts from a monitored system allows for confirming successful attack actions and updating according to network and vulnerability changes. The predicates get periodically updated based on attack evidence and ontology knowledge, allowing us to verify whether changes lead the attacker to the initial goals or cause further damage to the system not anticipated in the initial graphs. We illustrate our approach using a specific cyber-physical scenario affecting smart cities.

langue originale	Anglais
titre	ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers
rédacteurs en chef	Norbert Meyer, Anna Grocholewska-Czuryło
Editeur	Springer Science and Business Media Deutschland GmbH
Pages	59-72
Nombre de pages	14
ISBN (imprimé)	9783031563256
Les DOIs	https://doi.org/10.1007/978-3-031-56326-3_5
état	Publié - 1 janv. 2024
Evénement	38th IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection, SEC 2023 - Poznan, Pologne Durée: 14 juin 2023 → 16 juin 2023

Série de publications

Nom	IFIP Advances in Information and Communication Technology
Volume	679 IFIPAICT
ISSN (imprimé)	1868-4238
ISSN (Electronique)	1868-422X

Une conférence

Une conférence	38th IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection, SEC 2023
Pays/Territoire	Pologne
La ville	Poznan
période	14/06/23 → 16/06/23

SDG des Nations Unies

Ce résultat contribue à ou aux Objectifs de développement durable suivants

SDG 11 Villes et communautés durables

Accès au document

10.1007/978-3-031-56326-3_5

Contient cette citation

Saint-Hilaire, K., Cuppens, F., Cuppens, N., & Garcia-Alfaro, J. (2024). Automated Enrichment of Logical Attack Graphs via Formal Ontologies. Dans N. Meyer, & A. Grocholewska-Czuryło (eds.), ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers (p. 59-72). (IFIP Advances in Information and Communication Technology; Vol 679 IFIPAICT). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-3-031-56326-3_5

Saint-Hilaire, Kéren ; Cuppens, Frédéric ; Cuppens, Nora et al. / Automated Enrichment of Logical Attack Graphs via Formal Ontologies. ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers. Editeur / Norbert Meyer ; Anna Grocholewska-Czuryło. Springer Science and Business Media Deutschland GmbH, 2024. p. 59-72 (IFIP Advances in Information and Communication Technology).

@inproceedings{c3bb41af3d16405aae8d4d76a178e098,

title = "Automated Enrichment of Logical Attack Graphs via Formal Ontologies",

abstract = "Attack graphs represent the possible actions of adversaries to attack a system. Cybersecurity experts use them to make decisions concerning remediation and recovery plans. There are different attack graph-building approaches. We focus on logical attack graphs. Networks and vulnerabilities constantly change; we propose an attack graph enrichment approach based on semantic augmentation post-processing of the logic predicates. Mapping attack graphs with alerts from a monitored system allows for confirming successful attack actions and updating according to network and vulnerability changes. The predicates get periodically updated based on attack evidence and ontology knowledge, allowing us to verify whether changes lead the attacker to the initial goals or cause further damage to the system not anticipated in the initial graphs. We illustrate our approach using a specific cyber-physical scenario affecting smart cities.",

keywords = "Attack Graph, Cybsersecurity, Defense Graph, Ontology",

author = "K{\'e}ren Saint-Hilaire and Fr{\'e}d{\'e}ric Cuppens and Nora Cuppens and Joaquin Garcia-Alfaro",

note = "Publisher Copyright: {\textcopyright} IFIP International Federation for Information Processing 2024.; 38th IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection, SEC 2023 ; Conference date: 14-06-2023 Through 16-06-2023",

year = "2024",

month = jan,

day = "1",

doi = "10.1007/978-3-031-56326-3\_5",

language = "English",

isbn = "9783031563256",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "59--72",

editor = "Norbert Meyer and Anna Grocholewska-Czury{\l}o",

booktitle = "ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers",

}

Saint-Hilaire, K, Cuppens, F, Cuppens, N & Garcia-Alfaro, J 2024, Automated Enrichment of Logical Attack Graphs via Formal Ontologies. Dans N Meyer & A Grocholewska-Czuryło (eds), ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers. IFIP Advances in Information and Communication Technology, VOL. 679 IFIPAICT, Springer Science and Business Media Deutschland GmbH, p. 59-72, 38th IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection, SEC 2023, Poznan, Pologne, 14/06/23. https://doi.org/10.1007/978-3-031-56326-3_5

Automated Enrichment of Logical Attack Graphs via Formal Ontologies. / Saint-Hilaire, Kéren; Cuppens, Frédéric; Cuppens, Nora et al.
ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers. Ed. / Norbert Meyer; Anna Grocholewska-Czuryło. Springer Science and Business Media Deutschland GmbH, 2024. p. 59-72 (IFIP Advances in Information and Communication Technology; Vol 679 IFIPAICT).

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - Automated Enrichment of Logical Attack Graphs via Formal Ontologies

AU - Saint-Hilaire, Kéren

AU - Cuppens, Frédéric

AU - Cuppens, Nora

AU - Garcia-Alfaro, Joaquin

N1 - Publisher Copyright: © IFIP International Federation for Information Processing 2024.

PY - 2024/1/1

Y1 - 2024/1/1

N2 - Attack graphs represent the possible actions of adversaries to attack a system. Cybersecurity experts use them to make decisions concerning remediation and recovery plans. There are different attack graph-building approaches. We focus on logical attack graphs. Networks and vulnerabilities constantly change; we propose an attack graph enrichment approach based on semantic augmentation post-processing of the logic predicates. Mapping attack graphs with alerts from a monitored system allows for confirming successful attack actions and updating according to network and vulnerability changes. The predicates get periodically updated based on attack evidence and ontology knowledge, allowing us to verify whether changes lead the attacker to the initial goals or cause further damage to the system not anticipated in the initial graphs. We illustrate our approach using a specific cyber-physical scenario affecting smart cities.

AB - Attack graphs represent the possible actions of adversaries to attack a system. Cybersecurity experts use them to make decisions concerning remediation and recovery plans. There are different attack graph-building approaches. We focus on logical attack graphs. Networks and vulnerabilities constantly change; we propose an attack graph enrichment approach based on semantic augmentation post-processing of the logic predicates. Mapping attack graphs with alerts from a monitored system allows for confirming successful attack actions and updating according to network and vulnerability changes. The predicates get periodically updated based on attack evidence and ontology knowledge, allowing us to verify whether changes lead the attacker to the initial goals or cause further damage to the system not anticipated in the initial graphs. We illustrate our approach using a specific cyber-physical scenario affecting smart cities.

KW - Attack Graph

KW - Cybsersecurity

KW - Defense Graph

KW - Ontology

U2 - 10.1007/978-3-031-56326-3_5

DO - 10.1007/978-3-031-56326-3_5

M3 - Conference contribution

AN - SCOPUS:85192385371

SN - 9783031563256

T3 - IFIP Advances in Information and Communication Technology

SP - 59

EP - 72

BT - ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers

A2 - Meyer, Norbert

A2 - Grocholewska-Czuryło, Anna

PB - Springer Science and Business Media Deutschland GmbH

T2 - 38th IFIP TC 11 International Conference on ICT Systems Security and Privacy Protection, SEC 2023

Y2 - 14 June 2023 through 16 June 2023

ER -

Saint-Hilaire K, Cuppens F, Cuppens N, Garcia-Alfaro J. Automated Enrichment of Logical Attack Graphs via Formal Ontologies. Dans Meyer N, Grocholewska-Czuryło A, rédacteurs en chef, ICT Systems Security and Privacy Protection - 38th IFIP TC 11 International Conference, SEC 2023, Revised Selected Papers. Springer Science and Business Media Deutschland GmbH. 2024. p. 59-72. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-3-031-56326-3_5