TY - GEN
T1 - A reinforcement learning approach for attack graph analysis
AU - Yousefi, Mehdi
AU - Mtetwa, Nhamo
AU - Zhang, Yan
AU - Tianfield, Huaglory
N1 - Acceptance in SAN
AAM: no embargo
Applied 'no exception' - access non-compliance. ET 14/11/19
PY - 2018/9/6
Y1 - 2018/9/6
N2 - Attack graph approach is a common tool for the analysis of network security. However, analysis of attack graphs could be complicated and difficult depending on the attack graph size. This paper presents an approximate analysis approach for attack graphs based on Q-learning. First, we employ multi-host multi-stage vulnerability analysis (MulVAL) to generate an attack graph for a given network topology. Then we refine the attack graph and generate a simplified graph called a transition graph. Next, we use a Q-learning model to find possible attack routes that an attacker could use to compromise the security of the network. Finally, we evaluate the approach by applying it to a typical IT network scenario with specific services, network configurations, and vulnerabilities.
KW - cyber security
KW - reinforcement learning
KW - Q-learning
KW - attack graph
UR - http://www.cloud-conf.net/trustcom18/
U2 - 10.1109/TrustCom/BigDataSE.2018.00041
DO - 10.1109/TrustCom/BigDataSE.2018.00041
M3 - Conference contribution
SN - 9781538643891
SP - 212
EP - 217
BT - 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
PB - IEEE
ER -