Integrating Network and Attack Graphs for Service-Centric Impact Analysis

TL;DR

This paper introduces a probabilistic approach to model, visualize, and analyze cyber threats and attack impacts across enterprise networks, focusing on service-level propagation and mitigation strategies.

Contribution

It presents a novel methodology combining network and attack graphs with probabilistic analysis to evaluate attack scenarios and inform security decisions.

Findings

Effective attack propagation analysis across service layers

Enhanced detection of early attack spread within microservices

Support for developing targeted mitigation strategies

Abstract

We present a novel methodology for modelling, visualising, and analysing cyber threats, attack paths, as well as their impact on user services in enterprise or infrastructure networks of digital devices and services they provide. Using probabilistic methods to track the propagation of an attack through attack graphs, via the service or application layers, and on physical communication networks, our model enables us to analyse cyber attacks at different levels of detail. Understanding the propagation of an attack within a service among microservices and its spread between different services or application servers could help detect and mitigate it early. We demonstrate that this network-based influence spreading modelling approach enables the evaluation of diverse attack scenarios and the development of protection and mitigation measures, taking into account the criticality of services from the user's perspective. This methodology could also aid security specialists and system administrators in making well-informed decisions regarding risk mitigation strategies.