| Author(s): |
Changwei Liu; Anoop Singhal; Duminda Wijesekera; |
| Title: |
Using Attack Graphs in Forensic Examinations |
| Published: |
January 16, 2013 |
| Abstract: |
Attack graphs are used to compute potential attack paths from a system configuration and known vulnerabilities of a system. Attack graphs can be used to eliminate known vulnerability sequences that can be eliminated to make attacks difficult and help forensic examiners in identifying many potential attack paths. After an attack happens, forensic analysis, including linking evidence with attacks, helps further understand and refine the attack scenario that was launched. Given that there are anti-forensic tools that can obfuscate, minimize or eliminate attack footprints, forensic analysis becomes harder. As a solution, we propose to apply attack graph to forensic analysis. We do so by including anti-forensic capabilities into attack graphs, so that the missing evidence can be explained by using longer attack paths that erase potential evidence. We show this capability in an explicit case study involving a Database attack. |
| Conference: |
Fifth International Workshop on Digital Forensics (WSDF 2012), at the 2012 Seventh International Conference on Availability, Reliability and Security (ARES 2012) |
| Proceedings: |
2012 Seventh International Conference on Availability, Reliability and Security (ARES 2012) |
| Pages: |
pp. 596 - 603 |
| Location: |
Prague, -1 |
| Dates: |
August 20-24, 2012 |
| Keywords: |
attack graph; anti-forensics; anti-forensics vulnerability database; forensic analysis |
| Research Areas: |
Information Technology, Computer Security, Cybersecurity |
| DOI: |
10.1109/ARES.2012.58 (Note: May link to a non-U.S. Government webpage) |
| PDF version: |
 Click here to retrieve PDF version of paper (510KB) |
