D 2024

Hierarchical Modeling of Cyber Assets in Kill Chain Attack Graphs

SADLEK, Lukáš; Martin HUSÁK and Pavel ČELEDA

Basic information

Original name

Hierarchical Modeling of Cyber Assets in Kill Chain Attack Graphs

Authors

SADLEK, Lukáš; Martin HUSÁK and Pavel ČELEDA

Edition

New York, NY, 2024 20th International Conference on Network and Service Management (CNSM), p. 1-5, 5 pp. 2024

Publisher

IFIP Open Digital Library, IEEE Xplore

Other information

Language

English

Type of outcome

Proceedings paper

Confidentiality degree

is not subject to a state or trade secret

Publication form

electronic version available online

References:

Organization

Ústav výpočetní techniky – Repository – Repository

ISBN

978-3-903176-66-9

ISSN

DOI

UT WoS

001414325200054

Keywords in English

attack graph;kill chain;cyber threat scenario;MITRE ATT; CK;MITRE D3FEND
Changed: 26/3/2025 00:50, RNDr. Daniel Jakubík

Abstract

V originále

amp;CK. In this paper, we propose a hierarchical modeling methodology for representing cyber assets in kill chain attack graphs. We illustrate its practical application on MITRE D3FEND’s Digital Artifact Ontology. Moreover, we define how cyber assets with related attack techniques should be transformed into logical facts and attack rules. We implemented proof-of-concept software modules that can process data obtained from network and host-based monitoring together with attack rules to generate attack graphs. We evaluated the approach with data from a cyber exercise captured in a network of a digital twin organization. The results show that the approach is applicable in real-world networks and can reveal ground-truth attacks.

Files attached

https://is.muni.cz/publication/2441297/2024_CNSM__Metamodeling_of_Cyber_Assets_KCAGs_paper.pdf File version
https://is.muni.cz/publication/2441297/2024_CNSM_Hierarchical_Modeling_of_Cyber_Assets_KCAGs_paper.pdf File version
https://is.muni.cz/publication/2441297/2024_CNSM_Hierarchical_Modeling_of_Cyber_Assets_KCAGs_poster.pdf