Computing Reviews
Efficient attack graph analysis through approximate inference
Muñoz-González L., Sgandurra D., Paudice A., Lupu E. ACM Transactions on Privacy and Security 20(3): 1-30, 2017. Type: Article
Date Reviewed: Jan 24 2018

In the course of this very well-written and interesting research paper, the authors attempt to show how an existing technique can be employed to analyze attack graphs. In computer security, the analysis of attack graphs has been extensively used to assess network risks and mitigate potential threats. In general, this subject is quite critical (especially for administrators of large networks), and this approach is a step toward this objective.

Loopy belief propagation (LBP) is an approximate inference technique proposed by Pearl in 1988 [1]. By applying LBP to Bayesian attack graphs (BAGs), the authors show that the approach can indeed analyze attack graphs, either statically or dynamically, in an effective manner. This is backed by an extensive evaluation in terms of both time and memory consumption. A very positive aspect of their evaluation is that all the code that was used is available online. In addition, the authors attempt to test their technique against the state-of-the-art technique for inference in BAGs (the junction tree algorithm) with positive results. This is of high importance because all novel techniques should be compared to the state of the art regardless of the scientific field.

The paper is also well structured and easy to follow. For instance, the authors helpfully provide an example of a small corporate network at the end of section 3 to highlight the Bayesian model discussed earlier. Also, the approach seems theoretically stable, and it is backed by several mathematical definitions. Furthermore, it is interesting how the authors incorporate the false alarms of intrusion detection systems and the potential existence of zero-day vulnerabilities (by introducing the leak factor). A tricky assumption in the model could be the usage of the common vulnerability scoring system (CVSS) score as the probability of an attacker exploiting a defect. This is because this score concerns the impact of the defect. However, the authors discuss this in the different conditions of their model.

In conclusion, this is a high-quality paper that is easy to follow, and it can be a good read for researchers who do not have an extensive background in attack graph analysis (also due to its comprehensive related work and background sections).

Reviewer: Dimitris Mitropoulos
Review #: CR145805 (1805-0228)

1) Pearl, J. Probabilistic reasoning in intelligent systems. Morgan Kaufmann, San Mateo, CA, 1988.
Real-Time And Embedded Systems (C.3 ... )