  • DocumentCode
    630117
  • Title
    A graph analytic metric for mitigating advanced persistent threat
  • Author
    Johnson, James R. ; Hogan, Emilie A.
  • Author_Institution
    Pacific Northwest Nat. Lab., Richland, WA, USA
  • fYear
    2013
  • fDate
    4-7 June 2013
  • Firstpage
    129
  • Lastpage
    133
  • Abstract
    This paper introduces a novel graph analytic metric that can be used to measure the potential vulnerability of a cyber network to specific types of attacks that use lateral movement and privilege escalation, such as the well-known Pass The Hash (PTH). The metric is computed from an oriented subgraph of the underlying cyber network induced by selecting only those edges for which a given property holds between the two vertices of the edge. The metric with respect to a select node on the subgraph is defined as the likelihood that the select node is reachable from another arbitrary node in the graph. This metric can be calculated dynamically from the authorization and auditing layers during the network security authorization phase and will potentially enable predictive deterrence against attacks such as PTH.
  • Keywords
    authorisation; computer network security; graph theory; advanced persistent threat mitigation; auditing layers; authorization layers; cyber network vulnerability; edge selection; edge vertices; graph analytic metrics; lateral movement; network security authorization phase; node selection; oriented subgraph; predictive deterrence; privilege escalation; Authentication; Authorization; Graph theory; Heuristic algorithms; Measurement; Presses; cybersecurity; discrete mathematics; graph theory
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Intelligence and Security Informatics (ISI), 2013 IEEE International Conference on
  • Conference_Location
    Seattle, WA
  • Print_ISBN
    978-1-4673-6214-6
  • Type
    conf
  • DOI
    10.1109/ISI.2013.6578801
  • Filename
    6578801