Modeling stepping stone attacks with constraints in cyber infrastructure

Marco A. Gamarra, Sachin Shetty, David M. Nicol, Laurent Njilla, Oscar R. Gonzalez

Research output: Contribution to journalConference articlepeer-review

Abstract

Most cyber attacks involve an attacker launching a multi-stage attack by exploiting a sequence of hosts. This multistage attack generates a chain of "stepping stones" from the origin to target. The choice of stepping stones is a function of the degree of exploitability, the impact, attacker's capability, masking origin location, and intent. In this paper, we model and analyze scenarios wherein an attacker employs multiple strategies to choose stepping stones. The problem is modeled as an Adjacency Quadratic Shortest Path using dynamic vulnerability graphs with multi-agent dynamic system approach. Using this approach, the shortest stepping stone attack with maximum node degree and the shortest stepping stone attack with maximum impact are modeled and analyzed.

Original languageEnglish (US)
Article number9014266
JournalProceedings - IEEE Global Communications Conference, GLOBECOM
DOIs
StatePublished - 2019
Event2019 IEEE Global Communications Conference, GLOBECOM 2019 - Waikoloa, United States
Duration: Dec 9 2019Dec 13 2019

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Hardware and Architecture
  • Signal Processing

Fingerprint

Dive into the research topics of 'Modeling stepping stone attacks with constraints in cyber infrastructure'. Together they form a unique fingerprint.

Cite this