Graph Coarsening for Path Finding in Cybersecurity Graphs
n the pass-the-hash attack, hackers repeatedly steal password hashes and move through a computer network with the goal of reaching a computer with high level administrative privileges. In this paper we apply graph coarsening in network graphs for the purpose of detecting hackers using this attack or assessing the risk level of the network's current state. We repeatedly take graph minors, which preserve the existence of paths in the graph, and take powers of the adjacency matrix to count the paths. This allows us to detect the existence of paths as well as find paths that have high risk of being used by adversaries.
- Research Organization:
- Pacific Northwest National Lab. (PNNL), Richland, WA (United States)
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC05-76RL01830
- OSTI ID:
- 1148631
- Report Number(s):
- PNNL-SA-90064
- Resource Relation:
- Conference: Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop (CSIIRW 2013), January 8-10, 2013, Oak Ridge, Tennessee, Paper No. 7
- Country of Publication:
- United States
- Language:
- English
Similar Records
A graph-based system for network-vulnerability analysis
Inferring adversarial behaviour in cyber‐physical power systems using a Bayesian attack graph approach
A Graph-Based Impact Metric for Mitigating Lateral Movement Cyber Attacks
Conference
·
Mon Jun 01 00:00:00 EDT 1998
·
OSTI ID:1148631
Inferring adversarial behaviour in cyber‐physical power systems using a Bayesian attack graph approach
Journal Article
·
Sat Feb 11 00:00:00 EST 2023
· IET Cyber-Physical Systems: Theory & Applications
·
OSTI ID:1148631
A Graph-Based Impact Metric for Mitigating Lateral Movement Cyber Attacks
Conference
·
Fri Nov 04 00:00:00 EDT 2016
·
OSTI ID:1148631