Abstract
Attack Graphs have been widely used by the network security administrators to gain an understanding of possible attack paths, an attacker may follow to compromise critical resources. As networks get larger and more complex, one needs to use databases to perform iterative, interactive analysis tasks with attack graphs. In this paper we investigate how property graph based graph databases like Neo4j can be effectively used towards this application. We show that extending the standard property graph model with a constraint specification mechanism aids attack graph modeling and interactive analytics. We briefly sketch a preliminary attempt to implement a constraint layer over Neo4j and show how attack graph generation and analysis can be performed faithfully in Neo4j using the extended model.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Asterixdb. https://asterixdb.ics.uci.edu/. Accessed 30 July 2016
Cypher query language. https://neo4j.com/developer/cypher-query-language/. Accessed 30 July 2016
Neo4j graph database. https://neo4j.com/. Accessed 30 July 2016
Property graph model. https://github.com/tinkerpop/blueprints/wiki/Property-Graph-Model. Accessed 30 July 2016
Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: Proceedings of the 9th ACM Conference on Computer and Communications Security, CCS 2002, New York, pp. 217–224. ACM (2002)
Barceló, P., Libkin, L., Lin, A.W., Wood, P.T.: Expressive languages for path queries over graph-structured data. ACM Trans. Database Syst. (TODS) 37(4), 31 (2012)
Barik, M.S., Mazumdar, C.: A graph data model for attack graph generation and analysis. In: MartÃnez Pérez, G., Thampi, S.M., Ko, R., Shu, L. (eds.) SNDS 2014. CCIS, vol. 420, pp. 239–250. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54525-2_22
Dacier, M., Deswarte, Y.: Privilege graph: an extension to the typed access matrix model. In: Gollmann, D. (ed.) ESORICS 1994. LNCS, vol. 875, pp. 319–334. Springer, Heidelberg (1994). doi:10.1007/3-540-58618-0_72
Ingols, K., Chu, M., Lippmann, R., Webster, S., Boyer, S.: Modeling modern network attacks and countermeasures using attack graphs. In: Computer Security Applications Conference, ACSAC 2009, Annual, pp. 117–126, December 2009
Ingols, K., Lippmann, R., Piwowarski, K.: Practical attack graph generation for network defense. In: ACSAC 2006: Proceedings of the 22nd Annual Computer Security Applications Conference, Washington, DC, USA, pp. 121–130. IEEE Computer Society (2006)
Jajodia, S., Noel, S., Berry, B.: Topological analysis of network attack vulnerability. In: Kumar, V., Srivastava, J., Lazarevic, A. (eds.) Managing Cyber Threats, pp. 247–266. Springer, New York (2005)
Jha, S., Sheyner, O., Wing, J.: Two formal analysis of attack graphs. In: CSFW 2002: Proceedings of the 15th IEEE Workshop on Computer Security Foundations, Washington, DC, USA, p. 49. IEEE Computer Society (2002)
Lippmann, R., Ingols, K., Scott, C., Piwowarski, K., Kratkiewicz, K., Artz, M., Cunningham, R.: Validating and restoring defense in depth using attack graphs. In: Proceedings of the 2006 IEEE Conference on Military Communications, MILCOM 2006, Piscataway, NJ, USA, pp. 981–990. IEEE Press (2006)
Liu, C., Singhal, A., Wijesekera, D.: Using attack graphs in forensic examinations. In: 2012 Seventh International Conference on Availability, Reliability and Security (ARES), pp. 596–603, August 2012
Noel, S., Harley, E., Tam, K.H., Gyor, G.: Big-data architecture for cyber attack graphs: representing security relationships in nosql graph databases. In: 2015 IEEE International Symposium on Technologies for Homeland Security (HST), April 2015
Noel, S., Jajodia, S.: Metrics suite for network attack graph analytics. In: Proceedings of the 9th Annual Cyber and Information Security Research Conference, CISR 2014, New York, NY, USA, pp. 5–8. ACM (2014)
Noel, S., Robertson, E., Jajodia, S.: Correlating intrusion events, building attack scenarios through attack graph distances. In: ACSAC 2004: Proceedings of the 20th Annual Computer Security Applications Conference, Washington, DC, USA, pp. 350–359. IEEE Computer Society (2004)
Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: CCS 2006: Proceedings of the 13th ACM Conference on Computer and Communications Security, New York, NY, USA, pp. 336–345. ACM (2006)
Pamula, J., Jajodia, S., Ammann, P., Swarup, V.: A weakest-adversary security metric for network configuration security analysis. In: QoP 2006: Proceedings of the 2nd ACM Workshop on Quality of Protection, New York, NY, USA, pp. 31–38. ACM (2006)
Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: NSPW 1998: Proceedings of the 1998 Workshop on New Security Paradigms, New York, NY, USA, pp. 71–79. ACM (1998)
Ritchey, R.W., Ammann, P.: Using model checking to analyze network vulnerabilities. In: SP 2000: Proceedings of the 2000 IEEE Symposium on Security and Privacy, Washington, DC, USA, p. 156. IEEE Computer Society (2000)
Schneier, B.: Secrets & Lies: Digital Security in a Networked World, 1st edn. John Wiley & Sons Inc., New York (2000)
Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation, analysis of attack graphs. In: SP 2002: Proceedings of the 2002 IEEE Symposium on Security and Privacy, Washington, DC, USA, p. 273. IEEE Computer Society (2002)
Thalheim, B.: Extended entity-relationship model. In: Liu, L., Tamer Özsu, M. (eds.) Encyclopedia of Database Systems, pp. 1083–1091. Springer, New York (2009)
Wang, L., Islam, T., Long, T., Singhal, A., Jajodia, S.: An attack graph-based probabilistic security metric. In: Proceeedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, pp. 283–296, Springer, Heidelberg (2008)
Wang, L., Jajodia, S., Singhal, A., Cheng, P., Noel, S.: k-zero day safety: a network security metric for measuring the risk of unknown vulnerabilities. IEEE Trans. Dependable Secure Comput. 11(1), 30–44 (2014)
Wang, L., Liu, A., Jajodia, S.: Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts. Comput. Commun. 29(15), 2917–2933 (2006)
Wang, L., Noel, S., Jajodia, S.: Minimum-cost network hardening using attack graphs. Comput. Commun. 29(18), 3812–3824 (2006)
Wang, L., Yao, C., Singhal, A., Jajodia, S.: Interactive analysis of attack graphs using relational queries. In: Damiani, E., Liu, P. (eds.) DBSec 2006. LNCS, vol. 4127, pp. 119–132. Springer, Heidelberg (2006). doi:10.1007/11805588_9
Wang, L., Yao, C., Singhal, A., Jajodia, S.: Implementing interactive analysis of attack graphs using relational databases. J. Comput. Secur. 16(4), 419–437 (2008)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Barik, M.S., Mazumdar, C., Gupta, A. (2016). Network Vulnerability Analysis Using a Constrained Graph Data Model. In: Ray, I., Gaur, M., Conti, M., Sanghi, D., Kamakoti, V. (eds) Information Systems Security. ICISS 2016. Lecture Notes in Computer Science(), vol 10063. Springer, Cham. https://doi.org/10.1007/978-3-319-49806-5_14
Download citation
DOI: https://doi.org/10.1007/978-3-319-49806-5_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49805-8
Online ISBN: 978-3-319-49806-5
eBook Packages: Computer ScienceComputer Science (R0)