MAD: A visual analytics solution for Multi-step cyber Attacks Detection

Angelini M. (co-first author);
Bonomi S. (co-first author);
Lenti S. (co-first author);
Santucci G. (co-first author);
Taggi, Stefano (co-first author)
2019

Abstract

Software vulnerabilities represent one of the main weaknesses of an Information Technology (IT) system with respect to cyber attacks, and nowadays consolidated official data, like the Common Vulnerability Exposure (CVE) dictionary, provide precise and reliable details about them. This information, together with the identification of priority systems to defend, allows for inspecting the network structure and the most probable paths an attacker is likely to follow to reach sensitive resources, with the main goal of identifying suitable mitigation actions that reduce the risk of an attack. Some of these mitigation actions can be applied without further delay; others, instead, imply a high operational impact on the organization's business that makes their usage convenient only when an attack is really under way. Dealing with this issue is particularly challenging in the context of critical infrastructure where, even if patches are available, the organization's mission constraints create obstacles to their straightforward application. In this scenario, security operators are forced to deal with known vulnerabilities that cannot be patched, and they spend a noticeable effort in proactive analysis, devising countermeasures that can mitigate the effect of a possible attack. This paper presents a Multi-step cyber Attack Detection (MAD) Visual Analytics solution aimed at assisting security operators in improving their network security by analyzing the possible attacks and identifying suitable mitigations. Moreover, during an attack, the system visually presents the security operator with the relevant pieces of information, allowing a better comprehension of the attack status and its probable evolution, in order to make decisions on the possible countermeasures.
Attack graph; Critical infrastructure; Cyber security; Multi-step attacks; Security visualization; Situational awareness; Visual analytics; Vulnerabilities
01 Journal publication::01a Journal article
MAD: A visual analytics solution for Multi-step cyber Attacks Detection / Angelini, M.; Bonomi, S.; Lenti, S.; Santucci, G.; Taggi, S.. - In: JOURNAL OF COMPUTER LANGUAGES. - ISSN 2590-1184. - 52:(2019), pp. 10-24. [10.1016/j.cola.2018.12.007]
Files attached to this item

File: Angelini_MAD_2019.pdf
Access: archive managers only
Type: Publisher's version (published version with the publisher's layout)
License: All rights reserved
Size: 5.9 MB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/1331778
Citations
  • PMC: ND
  • Scopus: 18
  • ISI: 15