A Graph Analytic Metric for Mitigating Advanced Persistent Threat
Abstract
This paper introduces a novel graph analytic metric that can be used to measure the potential vulnerability of a cyber network to specific types of attacks that use lateral movement and privilege escalation, such as the well-known Pass the Hash (PTH). The metric is computed from an oriented subgraph of the underlying cyber network induced by selecting only those edges for which a given property holds between the two vertices of the edge. The metric with respect to a select node on the subgraph is defined as the likelihood that the select node is reachable from another arbitrary node in the graph. This metric can be calculated dynamically from the authorization and auditing layers during the network security authorization phase and will potentially enable predictive deterrence against attacks such as PTH.
- Authors: Johnson, John R.; Hogan, Emilie A.
- Publication Date: 2013-06-04
- Research Org.: Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
- Sponsoring Org.: USDOE
- OSTI Identifier: 1126353
- Report Number(s): PNNL-SA-96499
- DOE Contract Number: AC05-76RL01830
- Resource Type: Conference
- Resource Relation: Conference: IEEE International Conference on Intelligence and Security Informatics (ISI 2013), June 4-7, 2013, Seattle, Washington, 129-133
- Country of Publication: United States
- Language: English
- Subject: cybersecurity; graph analytics; discrete mathematics
Citation Formats
Johnson, John R., and Hogan, Emilie A. A Graph Analytic Metric for Mitigating Advanced Persistent Threat. United States: N. p., 2013. Web. doi:10.1109/ISI.2013.6578801.
Johnson, John R., & Hogan, Emilie A. A Graph Analytic Metric for Mitigating Advanced Persistent Threat. United States. https://doi.org/10.1109/ISI.2013.6578801
Johnson, John R., and Hogan, Emilie A. 2013. "A Graph Analytic Metric for Mitigating Advanced Persistent Threat". United States. https://doi.org/10.1109/ISI.2013.6578801.
@article{osti_1126353,
title = {A Graph Analytic Metric for Mitigating Advanced Persistent Threat},
author = {Johnson, John R. and Hogan, Emilie A.},
abstractNote = {This paper introduces a novel graph analytic metric that can be used to measure the potential vulnerability of a cyber network to specific types of attacks that use lateral movement and privilege escalation, such as the well-known Pass the Hash (PTH). The metric is computed from an oriented subgraph of the underlying cyber network induced by selecting only those edges for which a given property holds between the two vertices of the edge. The metric with respect to a select node on the subgraph is defined as the likelihood that the select node is reachable from another arbitrary node in the graph. This metric can be calculated dynamically from the authorization and auditing layers during the network security authorization phase and will potentially enable predictive deterrence against attacks such as PTH.},
doi = {10.1109/ISI.2013.6578801},
url = {https://www.osti.gov/biblio/1126353},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2013},
month = {6}
}