nach oben

Erschienen in:

2024 | OriginalPaper | Buchkapitel

Cyber Key Terrain Identification Using Adjusted PageRank Centrality

verfasst von : Lukáš Sadlek, Pavel Čeleda

Erschienen in: ICT Systems Security and Privacy Protection

Verlag: Springer Nature Switzerland

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The cyber terrain contains devices, network services, cyber personas, and other network entities involved in network operations. Designing a method that automatically identifies key network entities to network operations is challenging. However, such a method is essential for determining which cyber assets should the cyber defense focus on. In this paper, we propose an approach for the classification of IP addresses belonging to cyber key terrain according to their network position using the PageRank centrality computation adjusted by machine learning. We used hill climbing and random walk algorithms to distinguish PageRank’s damping factors based on source and destination ports captured in IP flows. The one-time learning phase on a static data sample allows near-real-time stream-based classification of key hosts from IP flow data in operational conditions without maintaining a complete network graph. We evaluated the approach on a dataset from a cyber defense exercise and on data from the campus network. The results show that cyber key terrain identification using the adjusted computation of centrality is more precise than its original version.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel MADONNA: Browser-Based MAlicious Domain Detection Through Optimized Neural Network with Feature Analysis

Nächstes Kapitel Machine Learning Metrics for Network Datasets Evaluation

Barreto, A.B., Costa, P.C.: Cyber-ARGUS - a mission assurance framework. J. Netw. Comput. Appl. 133, 86–108 (2019). https://doi.org/10.1016/j.jnca.2019.02.001CrossRef

Brin, S., Page, L.: The anatomy of a large-scale hypertextual web search engine. Comput. Netw. ISDN Syst. 30(1), 107–117 (1998). https://doi.org/10.1016/S0169-7552(98)00110-XCrossRef

Caralli, R.A., Allen, J.H., White, D.W.: CERT Resilience Management Model - CERT-RMM. Addison-Wesley Educational Publishers Inc. (2016)

Gartner Unveils the Top Eight Cybersecurity Predictions for 2022-23. Gartner, Inc. https://www.gartner.com/en/newsroom/press-releases/2022-06-21-gartner-unveils-the-top-eight-cybersecurity-predictio. Accessed 3 Feb 2023

Goodall, J.R., D’Amico, A., Kopylec, J.K.: Camus: automatically mapping cyber assets to missions and users. In: MILCOM 2009-2009 IEEE Military Communications Conference, pp. 1–7. IEEE (2009). https://doi.org/10.1109/MILCOM.2009.5380096

Guion, J., Reith, M.: Cyber terrain mission mapping: tools and methodologies. In: 2017 International Conference on Cyber Conflict (CyCon US), pp. 105–111. IEEE (2017). https://doi.org/10.1109/CYCONUS.2017.8167504

Hofstede, R., et al.: Flow monitoring explained: from packet capture to data analysis with NetFlow and IPFIX. IEEE Commun. Surv. Tutor. 16(4), 2037–2064 (2014). https://doi.org/10.1109/COMST.2014.2321898CrossRef

Jacobson, S.H., Yücesan, E.: Analyzing the performance of generalized hill climbing algorithms. J. Heuristics 10, 387–405 (2004). https://doi.org/10.1023/B:HEUR.0000034712.48917.a9CrossRef

Kay, B., Lu, H., Devineni, P., Tabassum, A., Chintavali, S., Lee, S.M.: Identification of critical infrastructure via PageRank. In: 2021 IEEE International Conference on Big Data (Big Data), pp. 3685–3690 (2021). https://doi.org/10.1109/BigData52589.2021.9671620

10.

Kim, A., Kang, M.H.: Determining asset criticality for cyber defense. Technical report, Naval Research Laboratory (2011). https://apps.dtic.mil/sti/pdfs/ADA550373.pdf

11.

Motzek, A., Möller, R.: Context- and bias-free probabilistic mission impact assessment. Comput. Secur. 65, 166–186 (2017). https://doi.org/10.1016/j.cose.2016.11.005CrossRef

12.

Musman, S., Tanner, M., Temin, A., Elsaesser, E., Loren, L.: A systems engineering approach for crown jewels estimation and mission assurance decision making. In: 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp. 210–216. IEEE (2011). https://doi.org/10.1109/CICYBS.2011.5949403

13.

Netbox documentation (2022). https://netbox.readthedocs.io/en/stable/. Accessed 15 Dec 2022

14.

Noel, S., Dudman, T., Trepagnier, P., Badesha, S.: Mission models for cyber-resilient military operations. Technical report, MIT Lincoln Laboratory Lexington United States (2018). https://apps.dtic.mil/sti/pdfs/AD1091410.pdf

15.

Oliva, G., Esposito Amideo, A., Starita, S., Setola, R., Scaparra, M.P.: Aggregating centrality rankings: a novel approach to detect critical infrastructure vulnerabilities. In: Nadjm-Tehrani, S. (ed.) CRITIS 2019. LNCS, vol. 11777, pp. 57–68. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-37670-3_5CrossRef

16.

Orion Platform – Scalable IT Monitoring. SolarWinds (2022). https://www.solarwinds.com/solutions/orion. Accessed 15 Dec 2022

17.

Raymond, D., Cross, T., Conti, G., Nowatkowski, M.: Key terrain in cyberspace: seeking the high ground. In: 2014 6th International Conference on Cyber Conflict (CyCon 2014), pp. 287–300 (2014). https://doi.org/10.1109/CYCON.2014.6916409

18.

Rozenshtein, P., Gionis, A.: Temporal PageRank. In: Frasconi, P., Landwehr, N., Manco, G., Vreeken, J. (eds.) ECML PKDD 2016. LNCS, vol. 9852, pp. 674–689. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46227-1_42CrossRef

19.

Sadlek, L., Čeleda, P.: Supplementary materials: cyber key terrain identification using adjusted PageRank centrality. Zenodo (2023). https://doi.org/10.5281/zenodo.7884228. Accessed 2 May 2023

20.

Selman, B., Kautz, H.A., Cohen, B., et al.: Noise strategies for improving local search. In: AAAI, vol. 94, pp. 337–343 (1994). https://cdn.aaai.org/AAAI/1994/AAAI94-051.pdf

21.

Silva, F.R.L., Jacob, P.: Mission-centric risk assessment to improve cyber situational awareness. In: Proceedings of the 13th International Conference on Availability, Reliability and Security. ARES 2018. Association for Computing Machinery, New York (2018). https://doi.org/10.1145/3230833.3233281

22.

Stergiopoulos, G., Theocharidou, M., Kotzanikolaou, P., Gritzalis, D.: Using centrality measures in dependency risk graphs for efficient risk mitigation. In: Rice, M., Shenoi, S. (eds.) ICCIP 2015. IFIPAICT, vol. 466, pp. 299–314. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-26567-4_18CrossRef

23.

Sun, X., Singhal, A., Liu, P.: Who touched my mission: towards probabilistic mission impact assessment. In: Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense. SafeConfig 2015, pp. 21–26. Association for Computing Machinery, New York (2015). https://doi.org/10.1145/2809826.2809834

24.

Tovarňák, D., Špaček, S., Vykopal, J.: Traffic and log data captured during a cyber defense exercise. Data Brief 31, 105784 (2020). https://doi.org/10.1016/j.dib.2020.105784CrossRef

25.

Tovarňák, D., Špaček, S., Vykopal, J.: Traffic and log data captured during a cyber defense exercise. Zenodo (2020). https://doi.org/10.5281/zenodo.3746129. Accessed 9 Mar 2023

26.

Trammell, B., Boschi, E.: Bidirectional flow export using IP Flow Information Export (IPFIX). RFC 5103, Internet Engineering Task Force (2008). http://www.ietf.org/rfc/rfc5103.txt. Accessed 5 Mar 2023

Titel: Cyber Key Terrain Identification Using Adjusted PageRank Centrality
verfasst von: Lukáš Sadlek
Pavel Čeleda
Verlag: Springer Nature Switzerland
Buch: ICT Systems Security and Privacy Protection
Print ISBN: 978-3-031-56325-6

Electronic ISBN: 978-3-031-56326-3

Copyright-Jahr: 2024
DOI: https://doi.org/10.1007/978-3-031-56326-3_21

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner