U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Towards Probabilistic Identification of Zero-day Attack Paths

Published

Author(s)

Xiaoyan Sun, Dai Jun, Peng Liu, Anoop Singhal, John Yen

Abstract

Zero-day attacks continue to challenge the enterprise network security defense. A zero-day attack path is formed when a multi- step attack contains one or more zero-day exploits. Detecting zero-day attack paths in time could enable early disclosure of zero-day threats. In this paper, we propose a probabilistic approach to identify zero- day attack paths and implement a prototype system named Pr0bA. A System Object Instance Dependency Graph (SOIDG) is first built from system calls to capture the intrusion propagation. To further reveal the zero- day attack paths hiding in the SOIDG, our system constructs an SOIDG-based Bayesian network. By leveraging intrusion evidence, the Bayesian network can quantitatively compute the probabilities of object instances being infected. The object instances with high infection probabilities reveal themselves and form the candidate zero-day attack paths. The experiment results show that our system can successfully identify zero-day attack paths and the paths are of manageable size.
Conference Dates
October 17-19, 2016
Conference Location
Philadelphia, US
Conference Title
2016 IEEE Conference on Communications and Network Security (CNS)
Pub Type
Conferences

Download Paper

https://doi.org/10.1109/CNS.2016.7860471
Local Download

Keywords

Zero Day Attack Paths, Object Dependency Graph, Bayesian Networks, Attack Graphs
Cybersecurity

Citation

Sun, X. , Jun, D. , Liu, P. , Singhal, A. and Yen, J. (2017), Towards Probabilistic Identification of Zero-day Attack Paths, 2016 IEEE Conference on Communications and Network Security (CNS), Philadelphia, US, [online], https://doi.org/10.1109/CNS.2016.7860471, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=918470 (Accessed April 16, 2024)

Created October 23, 2017, Updated October 12, 2021