Abstract
Lateral movement attacks are a serious threat to enterprise security. In these attacks, an attacker compromises a trusted user account to gain a foothold in the enterprise network and then uses it to attack other trusted users, progressively acquiring higher privileges. Such lateral attacks are very hard to model because of the unwitting role that users play in them, and even harder to detect and prevent because of their low-and-slow nature. In this chapter, a theoretical framework is presented for modeling lateral movement attacks and for designing cyber-systems that are resilient to them. The enterprise is modeled as a tripartite graph capturing the interactions between users, machines, and applications, and a set of procedures is proposed to harden the network by increasing the cost of lateral movement. Strong theoretical guarantees on system resilience are established and experimentally validated on large enterprise networks.
© 2019 Springer Nature Switzerland AG
Cite this chapter
Chen, PY., Choudhury, S., Rodriguez, L., Hero, A.O., Ray, I. (2019). Toward Cyber-Resiliency Metrics for Action Recommendations Against Lateral Movement Attacks. In: Rieger, C., Ray, I., Zhu, Q., Haney, M. (eds) Industrial Control Systems Security and Resiliency. Advances in Information Security, vol 75. Springer, Cham. https://doi.org/10.1007/978-3-030-18214-4_5
DOI: https://doi.org/10.1007/978-3-030-18214-4_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-18213-7
Online ISBN: 978-3-030-18214-4
eBook Packages: Computer Science (R0)