Attack graphs compute potential attack paths from a system configuration and known vulnerabilities of a system. Evidence graphs model intrusion evidence and dependencies among them for forensic analysis. In this paper, we show how to map evidence graphs to attack graphs. This mapping is useful for application of attack graphs and evidence graphs for forensic analysis. In addition to helping to refine attack graphs by comparing attack paths in both attack graphs and evidence graphs, important probabilistic information contained in evidence graphs can be used to compute or refine potential attack success probabilities contained in repositories like CVSS. Conversely, attack graphs can be used to add missing evidence or remove irrelevant evidence to build a complete evidence graph. In particular, when attackers use anti-forensics tools to destroy or distort evidence, attack graphs can help investigators recover the attack scenarios and explain the lack of evidence for missing steps. We illustrate the mapping using a database attack as a case study.
Proceedings Title: IEEE International Workshop on Information Forensics and Security
Conference Dates: December 2-5, 2012
Conference Location: Tenerife, ES
Conference Title: 2012 IEEE International Workshop on Information Forensics and Security (WIFS)
Liu, C., Singhal, A. and Wijesekera, D. (2013), Mapping Evidence Graphs to Attack Graphs, IEEE International Workshop on Information Forensics and Security, Tenerife, ES, [online], https://doi.org/10.1109/WIFS.2012.6412636, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=911920 (Accessed October 8, 2025)