Study on the Application of Graph Theory Algorithms and Attack Graphs in Cybersecurity Assessment

Jinghan Zhang; Wei Wang; Enrico Zio

doi:10.1109/ICSRS59833.2023.10381005

Study on the Application of Graph Theory Algorithms and Attack Graphs in Cybersecurity Assessment

^*Corresponding author for this work

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

5 Citations (Scopus)

Abstract

Postulating the behavior of attackers is important in the design of cybersecurity protection measures. Attack graph is a technique employed for this purpose, which aids in identifying and modeling the potential attack paths an attacker could take to gain unauthorized access to a cyber network, exploit vulnerabilities, and compromise the system's confidentiality, integrity, and availability. In this study, we propose a framework aimed at identifying potential attack paths and determining the shortest path with the highest probability of a successful attack. Meanwhile, based on the attack graph determine the minimum patch sets with the most severity to protect the network security. Common Vulnerability Scoring System (CVSS) is utilized to quantify the exploitability and severity of each vulnerability. The Dijkstra algorithm is utilized to calculate the shortest path with the highest probability, and the Stoer-Wagner algorithm is utilized to calculate the minimum patch sets with the most severity. To demonstrate the proposed framework, we apply it to a simplified SCADA system within a corporate network susceptible to cyber attacks. © 2023 IEEE.

Original language	English
Title of host publication	2023 7th International Conference on System Reliability and Safety (ICSRS)
Publisher	IEEE
Pages	558-564
ISBN (Electronic)	979-8-3503-0605-7, 979-8-3503-0604-0
ISBN (Print)	979-8-3503-0606-4
DOIs	https://doi.org/10.1109/ICSRS59833.2023.10381005
Publication status	Published - Nov 2023
Event	7th International Conference on System Reliability and Safety (ICSRS 2023) - Bologna, Italy Duration: 22 Nov 2023 → 24 Nov 2023

Publication series

Name	International Conference on System Reliability and Safety, ICSRS

Conference

Conference	7th International Conference on System Reliability and Safety (ICSRS 2023)
Place	Italy
City	Bologna
Period	22/11/23 → 24/11/23

Funding

This work was supported by National Natural Science Foundation of China (Project no. 72101221) and GRF – RGC General Research Fund CityU 11215323 (Project no. 9043545).

Research Keywords

attack graph
attack path
CVSS
cybersecurity
Dijkstra algorithm
patch set
Stoer-Wagner algorithm

Access Output

10.1109/ICSRS59833.2023.10381005

Other Access Options

Check CityUHK Library

Permanent Link

Right click to copy link

Cite this

@inproceedings{f46f87d7f73f4660842ad30a10a73554,

title = "Study on the Application of Graph Theory Algorithms and Attack Graphs in Cybersecurity Assessment",

abstract = "Postulating the behavior of attackers is important in the design of cybersecurity protection measures. Attack graph is a technique employed for this purpose, which aids in identifying and modeling the potential attack paths an attacker could take to gain unauthorized access to a cyber network, exploit vulnerabilities, and compromise the system's confidentiality, integrity, and availability. In this study, we propose a framework aimed at identifying potential attack paths and determining the shortest path with the highest probability of a successful attack. Meanwhile, based on the attack graph determine the minimum patch sets with the most severity to protect the network security. Common Vulnerability Scoring System (CVSS) is utilized to quantify the exploitability and severity of each vulnerability. The Dijkstra algorithm is utilized to calculate the shortest path with the highest probability, and the Stoer-Wagner algorithm is utilized to calculate the minimum patch sets with the most severity. To demonstrate the proposed framework, we apply it to a simplified SCADA system within a corporate network susceptible to cyber attacks. {\textcopyright} 2023 IEEE.",

keywords = "attack graph, attack path, CVSS, cybersecurity, Dijkstra algorithm, patch set, Stoer-Wagner algorithm",

author = "Jinghan Zhang and Wei Wang and Enrico Zio",

year = "2023",

month = nov,

doi = "10.1109/ICSRS59833.2023.10381005",

language = "English",

isbn = "979-8-3503-0606-4",

series = "International Conference on System Reliability and Safety, ICSRS",

publisher = "IEEE",

pages = "558--564",

booktitle = "2023 7th International Conference on System Reliability and Safety (ICSRS)",

address = "United States",

note = "7th International Conference on System Reliability and Safety (ICSRS 2023) ; Conference date: 22-11-2023 Through 24-11-2023",

}

Zhang, J , Wang, W & Zio, E 2023, Study on the Application of Graph Theory Algorithms and Attack Graphs in Cybersecurity Assessment. in 2023 7th International Conference on System Reliability and Safety (ICSRS). International Conference on System Reliability and Safety, ICSRS, IEEE, pp. 558-564, 7th International Conference on System Reliability and Safety (ICSRS 2023), Bologna, Italy, 22/11/23. https://doi.org/10.1109/ICSRS59833.2023.10381005

Study on the Application of Graph Theory Algorithms and Attack Graphs in Cybersecurity Assessment. / Zhang, Jinghan ; Wang, Wei; Zio, Enrico.
2023 7th International Conference on System Reliability and Safety (ICSRS). IEEE, 2023. p. 558-564 (International Conference on System Reliability and Safety, ICSRS).

Research output: Chapters, Conference Papers, Creative and Literary Works › RGC 32 - Refereed conference paper (with host publication) › peer-review

TY - GEN

T1 - Study on the Application of Graph Theory Algorithms and Attack Graphs in Cybersecurity Assessment

AU - Zhang, Jinghan

AU - Wang, Wei

AU - Zio, Enrico

PY - 2023/11

Y1 - 2023/11

N2 - Postulating the behavior of attackers is important in the design of cybersecurity protection measures. Attack graph is a technique employed for this purpose, which aids in identifying and modeling the potential attack paths an attacker could take to gain unauthorized access to a cyber network, exploit vulnerabilities, and compromise the system's confidentiality, integrity, and availability. In this study, we propose a framework aimed at identifying potential attack paths and determining the shortest path with the highest probability of a successful attack. Meanwhile, based on the attack graph determine the minimum patch sets with the most severity to protect the network security. Common Vulnerability Scoring System (CVSS) is utilized to quantify the exploitability and severity of each vulnerability. The Dijkstra algorithm is utilized to calculate the shortest path with the highest probability, and the Stoer-Wagner algorithm is utilized to calculate the minimum patch sets with the most severity. To demonstrate the proposed framework, we apply it to a simplified SCADA system within a corporate network susceptible to cyber attacks. © 2023 IEEE.

AB - Postulating the behavior of attackers is important in the design of cybersecurity protection measures. Attack graph is a technique employed for this purpose, which aids in identifying and modeling the potential attack paths an attacker could take to gain unauthorized access to a cyber network, exploit vulnerabilities, and compromise the system's confidentiality, integrity, and availability. In this study, we propose a framework aimed at identifying potential attack paths and determining the shortest path with the highest probability of a successful attack. Meanwhile, based on the attack graph determine the minimum patch sets with the most severity to protect the network security. Common Vulnerability Scoring System (CVSS) is utilized to quantify the exploitability and severity of each vulnerability. The Dijkstra algorithm is utilized to calculate the shortest path with the highest probability, and the Stoer-Wagner algorithm is utilized to calculate the minimum patch sets with the most severity. To demonstrate the proposed framework, we apply it to a simplified SCADA system within a corporate network susceptible to cyber attacks. © 2023 IEEE.

KW - attack graph

KW - attack path

KW - CVSS

KW - cybersecurity

KW - Dijkstra algorithm

KW - patch set

KW - Stoer-Wagner algorithm

UR - http://www.scopus.com/inward/record.url?scp=85183469817&partnerID=8YFLogxK

UR - https://www.scopus.com/record/pubmetrics.uri?eid=2-s2.0-85183469817&origin=recordpage

U2 - 10.1109/ICSRS59833.2023.10381005

DO - 10.1109/ICSRS59833.2023.10381005

M3 - RGC 32 - Refereed conference paper (with host publication)

SN - 979-8-3503-0606-4

T3 - International Conference on System Reliability and Safety, ICSRS

SP - 558

EP - 564

BT - 2023 7th International Conference on System Reliability and Safety (ICSRS)

PB - IEEE

T2 - 7th International Conference on System Reliability and Safety (ICSRS 2023)

Y2 - 22 November 2023 through 24 November 2023

ER -

Study on the Application of Graph Theory Algorithms and Attack Graphs in Cybersecurity Assessment

Abstract

Publication series

Conference

Funding

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

GRF: Fusing Vulnerabilities Spatiotemporal Characteristics into Cyber-resilience-oriented Planning of Cyber-Physical Systems

Cite this

Study on the Application of Graph Theory Algorithms and Attack Graphs in Cybersecurity Assessment

Abstract

Publication series

Conference

Funding

Research Keywords

Access Output

Other Access Options

Permanent Link

Other Files and Links

Fingerprint

Projects

GRF: Fusing Vulnerabilities Spatiotemporal Characteristics into Cyber-resilience-oriented Planning of Cyber-Physical Systems

Cite this