Exploiting domination in attack graph for enterprise network hardening

Abstract

Attack graph proved to be a tool of great value to an administrator while analyzing security vulnerabilities in a networked environment. It shows all possible attack scenarios in an enterprise network. Even though attack graphs are generated efficiently, the size and complexity of the graphs prevent an administrator from fully understanding the information portrayed. While an administrator will quickly perceive the possible attack scenario, it is typically tough to know what vulnerabilities are vital to the success of an adversary. An administrator has to identify such vulnerabilities and associated/enabling preconditions, which really matters in preventing an adversary from successfully compromising the enterprise network. Extraction of such meaningful information aid administrator in efficiently allocating scarce security resources. In this paper, we have applied a well known concept of domination in directed graphs to the exploit-dependency attack graph generated for a synthetic network. The minimal dominating set (MDS) computed over the generated attack graph gives us the set of initial preconditions that covers all the exploits in the attack graph. We model the problem of computing MDS as a set cover problem (SCP). We have presented a small case study to demonstrate the effectiveness and relevancy of the proposed approach. Initial results show that our minimal dominating set-based approach is capable of finding the sets with minimal number of initial conditions that need to be disabled for improved network security.