Network Modelling in Analysing Cyber-related Graphs

TL;DR

This paper introduces a novel probabilistic network influence model for analyzing cyber attack and causal graphs, enabling detailed insights into attack paths and aiding cyber defense strategies.

Contribution

The paper presents a new influence spreading model tailored for cyber graphs, allowing probabilistic analysis of attack trajectories beyond traditional visualization methods.

Findings

Model effectively analyzes directed, weighted, cyclic graphs

Demonstrated on three cyber-related graph use cases

Provides quantitative metrics for cyber attack prioritization

Abstract

In order to improve the resilience of computer infrastructure against cyber attacks and finding ways to mitigate their impact we need to understand their structure and dynamics. Here we propose a novel network-based influence spreading model to investigate event trajectories or paths in various types of attack and causal graphs, which can be directed, weighted, and / or cyclic. In case of attack graphs with acyclic paths, only self-avoiding attack chains are allowed. In the framework of our model a detailed probabilistic analysis beyond the traditional visualisation of attack graphs, based on vulnerabilities, services, and exploitabilities, can be performed. In order to demonstrate the capabilities of the model, we present three use cases with cyber-related graphs, namely two attack graphs and a causal graph. The model can be of benefit to cyber analysts in generating quantitative metrics for prioritisation, summaries, or analysis of larger graphs.