A reinforcement learning approach for attack graph analysis

Mehdi Yousefi, Nhamo Mtetwa, Yan Zhang, Huaglory Tianfield

    Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

    38 Citations (Scopus)
    1320 Downloads (Pure)

    Abstract

    Attack graph approach is a common tool for the analysis of network security. However, analysis of attack graphs could be complicated and difficult depending on the attack graph size. This paper presents an approximate analysis approach for attack graphs based on Q-learning. First, we employ multi-host multi-stage vulnerability analysis (MulVAL) to generate an attack graph for a given network topology. Then we refine the attack graph and generate a simplified graph called a transition graph. Next, we use a Q-learning model to find possible attack routes that an attacker could use to compromise the security of the network. Finally, we evaluate the approach by applying it to a typical IT network scenario with specific services, network configurations, and vulnerabilities.
    Original language: English
    Title of host publication: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
    Publisher: IEEE
    Pages: 212-217
    Number of pages: 6
    ISBN (Electronic): 9781538643884
    ISBN (Print): 9781538643891
    Publication status: Published - 6 Sept 2018
    Event: The 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications - New York, United States
    Duration: 31 Jul 2018 to 3 Aug 2018
    https://ieeexplore.ieee.org/servlet/opac?punumber=8454845

    Publication series

    ISSN (Electronic): 2324-9013

    Conference

    Conference: The 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications
    Abbreviated title: IEEE TrustCom-18
    Country/Territory: United States
    City: New York
    Period: 31/07/18 to 3/08/18

    Keywords

    • cyber security
    • reinforcement learning
    • Q-learning
    • attack graph

    ASJC Scopus subject areas

    • Information Systems and Management
    • Information Systems
    • Safety, Risk, Reliability and Quality
    • Hardware and Architecture
    • Computer Networks and Communications
