Home » Publication » 14028

Dettaglio pubblicazione

2018, ICDCN '18 Proceedings of the 19th International Conference on Distributed Computing and Networking, Pages -

An attack graph-based on-line multi-step attack detector (04b Atto di convegno in volume)

Angelini Marco, Bonomi Silvia, Borzi Emanuele, Del Pozzo Antonella, Lenti Simone, Santucci Giuseppe

Modern distributed systems are characterized by complex deployment designed to ensure high availability through replication and diversity, to tolerate the presence of failures and to limit the possibility of successful compromising. However, software is not free from bugs that generate vulnerabilities that could be exploited by an attacker through multiple steps. This paper presents an attack-graph based multi-step attack detector aiming at detecting a possible on-going attack early enough to take proper countermeasures through; a Visualization interfaced with the described attack detector presents the security operator with the relevant pieces of information, allowing a better comprehension of the network status and providing assistance in managing attack situations (i.e., reactive analysis mode). We first propose an architecture and then we present the implementation of each building block. Finally, we provide an evaluation of the proposed approach aimed at highlighting the existing trade-off between accuracy of the detection and detection time.
ISBN: 9781450363723
Gruppo di ricerca: Cybersecurity
© Università degli Studi di Roma "La Sapienza" - Piazzale Aldo Moro 5, 00185 Roma