Learning Policies for Path Selection in Attack Graphs
KTH, Skolan för elektroteknik och datavetenskap (EECS), 2022
Online
Thesis
IT systems are indispensable nowadays. With thousands of hacking attempts happening daily, cyber defense mechanisms are crucial for maintaining a working state of those systems. Simulating an attacker is a means of preparing for future hacking attacks by determining the most likely vulnerabilities where an attack could be attempted. In previous work, the simulated attacker had full knowledge of the cyber system that is being compromised and could efficiently select a path that leads to valuable assets. However, a realistic attacker would only see a subset of the system. In this novel scenario, traditional path selection methods are not applicable anymore and the question arises: how well can a path selection policy be learned and correctly applied in a subset of an attack graph? Several graph neural networks (GNNs) were examined as candidates for learning the path selection policy. The chosen GNN, a graph attention network (GAT), was then implemented and trained on generated attack graphs of simple cyber systems. The predicted actions from the approximated policy were compared against the optimal actions in an unseen test set to determine the approximation capabilities of the network. GAT was found to predict the optimal actions almost always. However, the high complexity of the graph generation process resulted in limited variation between graphs, a small number of graphs overall and thus in overfitting to the training set. Nonetheless, we showed that GAT is able to utilize attack graph data of a cyber system to learn a path selection policy and apply it in a subset of an attack graph.

IT systems are today indispensable for the whole of society. With thousands of intrusion attempts occurring daily, cyber defense mechanisms are crucial for ensuring that the systems keep working. Simulating an attacker is a way of preparing for future hacking attempts, by determining which vulnerabilities are most likely to be exploited in a possible attack. In previous research, the simulated attacker has had complete .
Title: | Learning Policies for Path Selection in Attack Graphs |
---|---|
Author / Contributor: | Rickli, Manuel |
Publication: | KTH, Skolan för elektroteknik och datavetenskap (EECS), 2022 |
Media type: | Thesis |