Attack graph construction for enhancing intrusion prediction based on vulnerabilities metrics

Al-Araji, Zaid Jasim Mohammed (2023) Attack graph construction for enhancing intrusion prediction based on vulnerabilities metrics. Doctoral thesis, Universiti Teknikal Malaysia Melaka.


Abstract

The use of network technologies has increased in recent years. Although networks benefit the way individuals work and live, they bring security challenges that need to be addressed, one of which is cyberattacks. The attack surface available to attackers grows as more devices are connected to the internet. Next-generation cyber defence that concentrates on predictive analysis is more proactive than existing technologies based on intrusion detection. Recently, many approaches have been proposed to detect and predict attacks; one of them is the attack graph. The main reason for building an attack graph is to predict an attack as well as the attack's next step in the network. An attack graph depicts the many paths an attacker may take to circumvent a security policy by leveraging the interdependencies between disclosed vulnerabilities. Work on attack graphs falls into three areas: generation, analysis, and use of the attack graph. However, current attack graphs suffer from several issues. Scalability is the main issue facing attack graph generation: the growing number of devices connected to the network raises the number of vulnerabilities in the network, which in turn increases both the complexity and the generation time of the attack graph. For attack graph analysis, recent work has used the attack graph to forecast the next attack stage but still locates the attack location manually. The attack graph is frequently employed in a few areas; one of these is deriving security metrics, where applying established security metrics might produce inaccurate findings. To address these issues, this study proposes using intelligent agents to reduce the time taken to compute reachability between nodes, and a naïve pruning algorithm to remove unnecessary edges, thereby reducing the attack graph's complexity.
This study employs the Random Forest (RF) algorithm to identify and forecast attacks and thereby dynamically locate the attack location in the network for attack graph analysis. Three metrics are introduced in this thesis: Weakest Path (WP), Mean Vulnerabilities on Path (MVoP), and Number of Vulnerabilities (NV). These metrics use network resources to determine the number of vulnerabilities and the network's weakest path. This work aims to generate a faster and less complex attack graph and to enhance attack graph analysis so as to improve the detection and prediction of an attack, of the attack's next step, and of the weakest path an attacker might use. In the results, the proposed attack graph, using the naïve approach and a personal agent, performs better than the existing attack graph: it reduced the generation time by 20% and lowered the attack graph's complexity. In addition, the RF algorithm produces encouraging results, with an average accuracy of 97% across different splits of the CICIDS-2017 dataset and 94% on the CSE-CIC-IDS-2018 dataset. At the same time, the vulnerability metrics provide better results and a deeper understanding of the network. For future work, different pruning algorithms will be used to reduce the complexity further, and the attack prediction will be improved to increase the accuracy of determining the attack location.

Item Type: Thesis (Doctoral)
Uncontrolled Keywords: Computer networks, Security measures, Computer crimes
Subjects: T Technology > T Technology (General); T Technology > TK Electrical engineering. Electronics. Nuclear engineering
Divisions: Library > Tesis > FTMK
Depositing User: MUHAMAD HAFEEZ ZAINUDIN
Date Deposited: 12 Nov 2024 09:43
Last Modified: 12 Nov 2024 09:43
URI: http://eprints.utem.edu.my/id/eprint/27699