A reinforcement learning approach for attack graph analysis

    Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

    Abstract

    Attack graph approach is a common tool for the analysis of network security. However, analysis of attack graphs could be complicated and difficult depending on the attack graph size. This paper presents an approximate analysis approach for attack graphs based on Q-learning. First, we employ multi-host multi-stage vulnerability analysis (MulVAL) to generate an attack graph for a given network topology. Then we refine the attack graph and generate a simplified graph called a transition graph. Next, we use a Q-learning model to find possible attack routes that an attacker could use to compromise the security of the network. Finally, we evaluate the approach by applying it to a typical IT network scenario with specific services, network configurations, and vulnerabilities.
    Original language: English
    Title of host publication: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
    Publisher: IEEE
    Pages: 212-217
    Number of pages: 6
    ISBN (Electronic): 9781538643884
    ISBN (Print): 9781538643891
    DOI: https://doi.org/10.1109/TrustCom/BigDataSE.2018.00041
    Publication status: Published - 6 Sep 2018

    Publication series

    ISSN (Electronic): 2324-9013

    Fingerprint

    Network security
    Reinforcement learning
    Topology

    Keywords

    • cyber security
    • reinforcement learning
    • Q-learning
    • attack graph

    Cite this

    Yousefi, M., Mtetwa, N., Zhang, Y., & Tianfield, H. (2018). A reinforcement learning approach for attack graph analysis. In 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE) (pp. 212-217). [Track 2: Security Track 1] IEEE. https://doi.org/10.1109/TrustCom/BigDataSE.2018.00041
    @inproceedings{b3c4e3db3a424c7fa565fc8b84e8e0fa,
    title = "A reinforcement learning approach for attack graph analysis",
    abstract = "Attack graph approach is a common tool for the analysis of network security. However, analysis of attack graphs could be complicated and difficult depending on the attack graph size. This paper presents an approximate analysis approach for attack graphs based on Q-learning. First, we employ multi-host multi-stage vulnerability analysis (MulVAL) to generate an attack graph for a given network topology. Then we refine the attack graph and generate a simplified graph called a transition graph. Next, we use a Q-learning model to find possible attack routes that an attacker could use to compromise the security of the network. Finally, we evaluate the approach by applying it to a typical IT network scenario with specific services, network configurations, and vulnerabilities.",
    keywords = "cyber security, reinforcement learning, Q-learning, attack graph",
    author = "Mehdi Yousefi and Nhamo Mtetwa and Yan Zhang and Huaglory Tianfield",
    note = "Acceptance in SAN AAM: no embargo Applied 'no exception' - access non-compliance. ET 14/11/19",
    year = "2018",
    month = "9",
    day = "6",
    doi = "10.1109/TrustCom/BigDataSE.2018.00041",
    language = "English",
    isbn = "9781538643891",
    publisher = "IEEE",
    pages = "212--217",
    booktitle = "2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)",

    }


    TY - GEN
    T1 - A reinforcement learning approach for attack graph analysis
    AU - Yousefi, Mehdi
    AU - Mtetwa, Nhamo
    AU - Zhang, Yan
    AU - Tianfield, Huaglory
    N1 - Acceptance in SAN AAM: no embargo Applied 'no exception' - access non-compliance. ET 14/11/19
    PY - 2018/9/6
    Y1 - 2018/9/6

    AB - Attack graph approach is a common tool for the analysis of network security. However, analysis of attack graphs could be complicated and difficult depending on the attack graph size. This paper presents an approximate analysis approach for attack graphs based on Q-learning. First, we employ multi-host multi-stage vulnerability analysis (MulVAL) to generate an attack graph for a given network topology. Then we refine the attack graph and generate a simplified graph called a transition graph. Next, we use a Q-learning model to find possible attack routes that an attacker could use to compromise the security of the network. Finally, we evaluate the approach by applying it to a typical IT network scenario with specific services, network configurations, and vulnerabilities.

    KW - cyber security
    KW - reinforcement learning
    KW - Q-learning
    KW - attack graph
    UR - http://www.cloud-conf.net/trustcom18/
    U2 - 10.1109/TrustCom/BigDataSE.2018.00041
    DO - 10.1109/TrustCom/BigDataSE.2018.00041
    M3 - Conference contribution
    SN - 9781538643891
    SP - 212
    EP - 217
    BT - 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
    PB - IEEE
    ER -
