
Integrating Network and Attack Graphs for Service-Centric Impact Analysis

Joni Herttuainen, Vesa Kuikka, Kimmo K. Kaski

TL;DR

The paper addresses the problem of assessing how cyber attacks propagate across both network and service layers to affect user services. It proposes a multilayer, probabilistic framework that integrates attack graphs with the underlying communication network, using the Simple Contagion Algorithm to compute network-level reachability and a joint attack probability $p(i,j) = p_N(i,j) \cdot p_E(i,j)$, with state propagation given by $P(i) = 1 - \prod_{j \in A} [1 - P(j,i)]$. The work introduces a suite of metrics, including $E[I_i]$, $CE[I_i]$, $C_{IN}(n)$, $C_{OUT}(n)$, and $C_{NODE}(n)$, to quantify impact at multiple granularities and demonstrates mitigation strategies via vulnerability fixing and monitoring, as well as sensitivity to network weights. The results illustrate how service-centric risk evolves under different scenarios and provide actionable guidance for risk mitigation and security planning in enterprise networks.
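The two formulas above can be traced on a small graph. The sketch below is an added example, not the authors' code: the attack states, edge values and function names are constructed for illustration, $p_N$ is taken as a given input (the Simple Contagion Algorithm that produces it is not reproduced), and $P(j,i)$ is assumed to be $P(j) \cdot p(j,i)$.

```python
from math import prod

# Constructed sample data (not from the paper). Each edge (j -> i) between
# attack states carries p_N, the network-level reachability between the
# hosts behind the two states, and p_E, the attack-graph step probability.
EDGES = {
    ("S1", "S2"): {"p_N": 0.9, "p_E": 0.8},
    ("S1", "S3"): {"p_N": 0.6, "p_E": 0.5},
    ("S2", "S3"): {"p_N": 0.5, "p_E": 0.6},
    ("S2", "S4"): {"p_N": 0.7, "p_E": 0.9},
    ("S3", "S4"): {"p_N": 0.8, "p_E": 0.4},
}
ORDER = ["S1", "S2", "S3", "S4"]  # topological order; S1 start, S4 end state


def joint(edge):
    """Joint attack probability p(i,j) = p_N(i,j) * p_E(i,j)."""
    return edge["p_N"] * edge["p_E"]


def propagate(edges, order=ORDER, start="S1"):
    """State probabilities via P(i) = 1 - prod_j [1 - P(j,i)].

    Assumption: P(j,i) = P(j) * p(j,i) for every predecessor j of i.
    """
    P = {start: 1.0}
    for i in order:
        if i == start:
            continue
        incoming = [P[j] * joint(e) for (j, t), e in edges.items() if t == i]
        P[i] = 1.0 - prod(1.0 - x for x in incoming)
    return P


def rank_fixes(edges, end="S4"):
    """Model fixing one vulnerability at a time (p_E -> 0 on that edge)
    and rank the edges by the end-state probability that remains."""
    results = []
    for key in edges:
        patched = {k: dict(v) for k, v in edges.items()}
        patched[key]["p_E"] = 0.0
        results.append((key, propagate(patched)[end]))
    return sorted(results, key=lambda r: r[1])


if __name__ == "__main__":
    print("baseline P(S4) =", round(propagate(EDGES)["S4"], 4))
    for edge, p_end in rank_fixes(EDGES):
        print("fix", edge, "-> P(S4) =", round(p_end, 4))
```
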

Abstract

We present a novel methodology for modelling, visualising, and analysing cyber threats, attack paths, as well as their impact on user services in enterprise or infrastructure networks of digital devices and services they provide. Using probabilistic methods to track the propagation of an attack through attack graphs, via the service or application layers, and on physical communication networks, our model enables us to analyse cyber attacks at different levels of detail. Understanding the propagation of an attack within a service among microservices and its spread between different services or application servers could help detect and mitigate it early. We demonstrate that this network-based influence spreading modelling approach enables the evaluation of diverse attack scenarios and the development of protection and mitigation measures, taking into account the criticality of services from the user's perspective. This methodology could also aid security specialists and system administrators in making well-informed decisions regarding risk mitigation strategies.

Paper Structure

This paper contains 10 sections, 11 equations, 13 figures, 2 tables.

Figures (13)

  • Figure 1: Combining network graph and attack graph. (Here the graphs are for demonstrative purposes only and are not the ones used in the rest of the study.) (a) Original network and attack graph in blue and red colour, respectively. (b) Attack states connected to their affected services. (c) Combined graph with connected start and end states $S1$ and $S6$, respectively.
  • Figure 2: The combined graph used in the experiments. The bottom layer represents the original communication network graph and the top layer represents the attached attack states connected to the relevant nodes of the network.
  • Figure 3: Attack graph used in the experiments with the states grouped by affected services. $S1$ and $S18$ are the start and end states, respectively.
  • Figure 4: Initial node-wise impact, $C_{NODE}$, per node $n$.
  • Figure 5: Initial results for expected cumulative impact (vertical axis) across different metrics. (a) $CE[I_i]$, expected cumulative impact per attack state (Eq. \ref{eq:CEI}). (b) $C_{IN}(n)$, expected cumulative inbound impact per node (Eq. \ref{eq:ICEI}). (c) $C_{OUT}(n)$, expected cumulative outbound impact per node (Eq. \ref{eq:OCEI}).
  • ...and 8 more figures