Multimodal graph analysis of cyber attacks

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

The limited information on the cyberattacks available in the unclassified regime, hardens standardizing the analysis. We address the problem of modeling and analyzing cyberattacks using a multimodal graph approach. We formulate the stages, actors, and outcomes of cyberattacks as a multimodal graph. Multimodal graph nodes include cyberattack victims, adversaries, autonomous systems, and the observed cyber events. In multimodal graphs, single-modality graphs are interconnected according to their interaction. We apply community and centrality analysis on the graph to obtain in-depth insights into the attack. In community analysis, we cluster those nodes that exhibit 'strong' inter-modal ties. We further use centrality to rank the nodes according to their importance. Classifying nodes according to centrality provides the progression of the attack from the attacker to the targeted nodes. We apply our methods to two popular case studies, namely GhostNet and Putter Panda and demonstrate a clear distinction in the attack stages.

Original languageEnglish (US)
Title of host publication2019 Spring Simulation Conference, SpringSim 2019
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781510883888
DOIs
StatePublished - Apr 2019
Event2019 Spring Simulation Conference, SpringSim 2019 - Tucson, United States
Duration: Apr 29 2019May 2 2019

Publication series

Name2019 Spring Simulation Conference, SpringSim 2019

Conference

Conference2019 Spring Simulation Conference, SpringSim 2019
CountryUnited States
CityTucson
Period4/29/195/2/19

Keywords

  • Centrality analysis
  • Community analysis
  • Cyber-attacks
  • Multimodal graph

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Control and Optimization
  • Modeling and Simulation

Fingerprint Dive into the research topics of 'Multimodal graph analysis of cyber attacks'. Together they form a unique fingerprint.

  • Cite this

    Ghose, N., Lazos, L., Rozenblit, J., & Breiger, R. (2019). Multimodal graph analysis of cyber attacks. In 2019 Spring Simulation Conference, SpringSim 2019 [8732851] (2019 Spring Simulation Conference, SpringSim 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.23919/SpringSim.2019.8732851