A reinforcement learning approach for attack graph analysis

Mehdi Yousefi; Nhamo Mtetwa; Yan Zhang; Huaglory Tianfield

doi:10.1109/TrustCom/BigDataSE.2018.00041

A reinforcement learning approach for attack graph analysis

Mehdi Yousefi, Nhamo Mtetwa, Yan Zhang, Huaglory Tianfield

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

47 Citations (Scopus)

1520 Downloads (Pure)

Abstract

Attack graph approach is a common tool for the analysis of network security. However, analysis of attack graphs could be complicated and difficult depending on the attack graph size. This paper presents an approximate analysis approach for attack graphs based on Q-learning. First, we employ multi-host multi-stage vulnerability analysis (MulVAL) to generate an attack graph for a given network topology. Then we refine the attack graph and generate a simplified graph called a transition graph. Next, we use a Q-learning model to find possible attack routes that an attacker could use to compromise the security of the network. Finally, we evaluate the approach by applying it to a typical IT network scenario with specific services, network configurations, and vulnerabilities.

Original language	English
Title of host publication	2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
Publisher	IEEE
Pages	212-217
Number of pages	6
ISBN (Electronic)	9781538643884
ISBN (Print)	9781538643891
DOIs	https://doi.org/10.1109/TrustCom/BigDataSE.2018.00041
Publication status	Published - 6 Sept 2018
Event	The 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications - New York, United States Duration: 31 Jul 2018 → 3 Aug 2018 https://ieeexplore.ieee.org/servlet/opac?punumber=8454845

Publication series

Name
ISSN (Electronic)	2324-9013

Conference

Conference	The 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications
Abbreviated title	IEEE TrustCom-18
Country/Territory	United States
City	New York
Period	31/07/18 → 3/08/18
Internet address	https://ieeexplore.ieee.org/servlet/opac?punumber=8454845

Keywords

cyber security
reinforcement learning
Q-learning
attack graph

ASJC Scopus subject areas

Information Systems and Management
Information Systems
Safety, Risk, Reliability and Quality
Hardware and Architecture
Computer Networks and Communications

Documents and Links

10.1109/TrustCom/BigDataSE.2018.00041

Yousefi, M. et al (2018) A Reinforcement Learning Approach for Attack Graph Analysis
© 2018 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.
Author accepted manuscript, 672 KB

Cite this

Yousefi, M., Mtetwa, N., Zhang, Y., & Tianfield, H. (2018). A reinforcement learning approach for attack graph analysis. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) (pp. 212-217). Article Track 2: Security Track 1 IEEE. https://doi.org/10.1109/TrustCom/BigDataSE.2018.00041

@inproceedings{b3c4e3db3a424c7fa565fc8b84e8e0fa,

title = "A reinforcement learning approach for attack graph analysis",

abstract = "Attack graph approach is a common tool for the analysis of network security. However, analysis of attack graphs could be complicated and difficult depending on the attack graph size. This paper presents an approximate analysis approach for attack graphs based on Q-learning. First, we employ multi-host multi-stage vulnerability analysis (MulVAL) to generate an attack graph for a given network topology. Then we refine the attack graph and generate a simplified graph called a transition graph. Next, we use a Q-learning model to find possible attack routes that an attacker could use to compromise the security of the network. Finally, we evaluate the approach by applying it to a typical IT network scenario with specific services, network configurations, and vulnerabilities.",

keywords = "cyber security, reinforcement learning, Q-learning, attack graph",

author = "Mehdi Yousefi and Nhamo Mtetwa and Yan Zhang and Huaglory Tianfield",

note = "Acceptance in SAN AAM: no embargo Applied 'no exception' - access non-compliance. ET 14/11/19 ; The 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications, IEEE TrustCom-18 ; Conference date: 31-07-2018 Through 03-08-2018",

year = "2018",

month = sep,

day = "6",

doi = "10.1109/TrustCom/BigDataSE.2018.00041",

language = "English",

isbn = "9781538643891",

publisher = "IEEE",

pages = "212--217",

booktitle = "2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)",

address = "United States",

url = "https://ieeexplore.ieee.org/servlet/opac?punumber=8454845",

}

Yousefi, M, Mtetwa, N, Zhang, Y & Tianfield, H 2018, A reinforcement learning approach for attack graph analysis. in 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)., Track 2: Security Track 1, IEEE, pp. 212-217, The 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications, New York, New York, United States, 31/07/18. https://doi.org/10.1109/TrustCom/BigDataSE.2018.00041

A reinforcement learning approach for attack graph analysis. / Yousefi, Mehdi; Mtetwa, Nhamo; Zhang, Yan et al.
2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). IEEE, 2018. p. 212-217 Track 2: Security Track 1.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - A reinforcement learning approach for attack graph analysis

AU - Yousefi, Mehdi

AU - Mtetwa, Nhamo

AU - Zhang, Yan

AU - Tianfield, Huaglory

N1 - Acceptance in SAN AAM: no embargo Applied 'no exception' - access non-compliance. ET 14/11/19

PY - 2018/9/6

Y1 - 2018/9/6

N2 - Attack graph approach is a common tool for the analysis of network security. However, analysis of attack graphs could be complicated and difficult depending on the attack graph size. This paper presents an approximate analysis approach for attack graphs based on Q-learning. First, we employ multi-host multi-stage vulnerability analysis (MulVAL) to generate an attack graph for a given network topology. Then we refine the attack graph and generate a simplified graph called a transition graph. Next, we use a Q-learning model to find possible attack routes that an attacker could use to compromise the security of the network. Finally, we evaluate the approach by applying it to a typical IT network scenario with specific services, network configurations, and vulnerabilities.

AB - Attack graph approach is a common tool for the analysis of network security. However, analysis of attack graphs could be complicated and difficult depending on the attack graph size. This paper presents an approximate analysis approach for attack graphs based on Q-learning. First, we employ multi-host multi-stage vulnerability analysis (MulVAL) to generate an attack graph for a given network topology. Then we refine the attack graph and generate a simplified graph called a transition graph. Next, we use a Q-learning model to find possible attack routes that an attacker could use to compromise the security of the network. Finally, we evaluate the approach by applying it to a typical IT network scenario with specific services, network configurations, and vulnerabilities.

KW - cyber security

KW - reinforcement learning

KW - Q-learning

KW - attack graph

UR - http://www.cloud-conf.net/trustcom18/

U2 - 10.1109/TrustCom/BigDataSE.2018.00041

DO - 10.1109/TrustCom/BigDataSE.2018.00041

M3 - Conference contribution

SN - 9781538643891

SP - 212

EP - 217

BT - 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)

PB - IEEE

T2 - The 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications

Y2 - 31 July 2018 through 3 August 2018

ER -

Yousefi M, Mtetwa N, Zhang Y , Tianfield H. A reinforcement learning approach for attack graph analysis. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). IEEE. 2018. p. 212-217. Track 2: Security Track 1 doi: 10.1109/TrustCom/BigDataSE.2018.00041

A reinforcement learning approach for attack graph analysis

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Documents and Links

Other files and links

Fingerprint

Cite this