IDEAS home Printed from https://ideas.repec.org/a/sae/joudef/v15y2018i1p79-93.html
   My bibliography  Save this article

A Graphical Model to Assess the Impact of Multi-Step Attacks

Author

Listed:
  • Massimiliano Albanese
  • Sushil Jajodia

Abstract

In the last several decades, networked systems have grown in complexity and sophistication, introducing complex interdependencies amongst their numerous and diverse components. Attackers can leverage such interdependencies to penetrate seemingly well-guarded networks through sophisticated multi-step attacks. Research has shown that explicit and implicit interdependencies exist at various layers of the hardware and software architecture. In particular, dependencies between vulnerabilities and dependencies between applications and services are critical for assessing the impact of multi-step attacks. These two classes of interdependencies have been traditionally studied using attack and dependency graphs respectively. Although significant work has been done in the area of both attack and dependency graphs, we demonstrate that neither of these models can provide an accurate assessment of an attack’s impact, when used in isolation. To address this limitation, we take a mission-centric approach and present a solution to integrate these two powerful models into a unified framework that enables us to accurately assess the impact of multi-step attacks and identify high-impact attack paths within a network. This analysis can ultimately generate effective hardening recommendations, and can be seen as one phase of a continuous process that iteratively cycles through impact analysis and vulnerability remediation stages.

Suggested Citation

  • Massimiliano Albanese & Sushil Jajodia, 2018. "A Graphical Model to Assess the Impact of Multi-Step Attacks," The Journal of Defense Modeling and Simulation, , vol. 15(1), pages 79-93, January.
    • Handle: RePEc:sae:joudef:v:15:y:2018:i:1:p:79-93
    DOI: 10.1177/1548512917706043
    as

    Download full text from publisher

    File URL: https://journals.sagepub.com/doi/10.1177/1548512917706043
    Download Restriction: no
    File URL: https://libkey.io/10.1177/1548512917706043?utm_source=ideas
    LibKey link: if access is restricted and if your library uses this service, LibKey will redirect you to where you can use your library subscription to access this item
    ---><---

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Zbyšek Korecki & Tomas Hoika & Jiří Ulvr & Miroslav Janošek & Matuš Grega, 2024. "Simulation of the attack helicopter Mil Mi-24 conducting anti-surface air operations in support of a battalion task group," The Journal of Defense Modeling and Simulation, , vol. 21(2), pages 245-258, April.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:sae:joudef:v:15:y:2018:i:1:p:79-93. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: SAGE Publications (email available below). General contact details of provider: .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.