
Toward Cyber-Resiliency Metrics for Action Recommendations Against Lateral Movement Attacks

Industrial Control Systems Security and Resiliency

Part of the book series: Advances in Information Security ((ADIS,volume 75))

Abstract

Lateral movement attacks are a serious threat to enterprise security. In these attacks, an attacker compromises a trusted user account to gain a foothold in the enterprise network and uses it to attack other trusted users, progressively acquiring higher privileges. Such lateral attacks are very hard to model because of the unwitting role that users play in the attack, and even harder to detect and prevent because of their low-and-slow nature. In this chapter, a theoretical framework is presented for modeling lateral movement attacks and for designing cyber-systems that are resilient against them. The enterprise is modeled as a tripartite graph capturing the interactions between users, machines, and applications, and a set of procedures is proposed to harden the network by increasing the cost of lateral movement. Strong theoretical guarantees on system resilience are established and experimentally validated on large enterprise networks.


Author information

Corresponding author: Sutanay Choudhury.


Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Chen, PY., Choudhury, S., Rodriguez, L., Hero, A.O., Ray, I. (2019). Toward Cyber-Resiliency Metrics for Action Recommendations Against Lateral Movement Attacks. In: Rieger, C., Ray, I., Zhu, Q., Haney, M. (eds) Industrial Control Systems Security and Resiliency. Advances in Information Security, vol 75. Springer, Cham. https://doi.org/10.1007/978-3-030-18214-4_5


  • DOI: https://doi.org/10.1007/978-3-030-18214-4_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-18213-7

  • Online ISBN: 978-3-030-18214-4

  • eBook Packages: Computer Science (R0)