Attack Graphs for Proactive Digital Forensics
Tara L. McQueen, Delaware State University
Louis P. Wilder, Computational Sciences and Engineering Division
August 2009
Managed by UT-Battelle for the U.S. Department of Energy
Overview
• Purpose
• Cyber Security
• Hacking
• Proactive digital forensics
• Attack graphs
• Universal Serial Bus (USB) exploits
• Registry and event logs
• Future work
Purpose
• Increase cyber security
• Identify possible cyber attacks as they occur
• Create attack graph of USB exploit
• Link event logs and registry data to attack graph
• Investigate theoretical proactive design
Cyber security
• Maintaining confidentiality, availability and access to information
• Identifying legitimate
– Users
– Requests
– Tasks
• Preserving information integrity
• Mending network vulnerabilities
• Hacking prevention/detection
Cyber protection
• Growing need as fraudulent activity and electronic commerce increases
• Affecting industries dependent on
– Networks
– Computer systems
– Internet
Hacking
• Gaining unauthorized
– Access
– Control
– Data
• Using technical knowledge and exposed information
• Cleaning tracks
• Prevention is difficult and expensive
Proactive digital forensics
• Anticipating hacker/exploit path
• Detecting hacker/exploit in process
• Collecting proper data immediately for judicial efforts
• Enhancing security
Attack graphs
• Communicate information about threats
• Display combinations of vulnerabilities
• Shows
– Vulnerabilities as vertices
– Hierarchical constraints as edges
USB attack
• Takes milliseconds to initiate (drive-by)
• Collects confidential documents
• Sends a worm through the network
• Executes applications automatically
• Easy to develop, retrieve and unleash
• Occurs without the user noticing
Registry and event logs
• Standard on Windows
• Monitors events
– Application
– Security
– System
• Identifies operations and information
• Essential for attack graph
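The two slides above describe the pieces but not how they connect, so here is an added Python sketch (not from the deck or its authors) of the linkage: an attack graph whose vertices are attack steps and whose edges are the ordering constraints between them, plus registry and event-log observations mapped onto those vertices so a path can be reported as partly or fully corroborated. The stage names, evidence rules and sample records are assumptions constructed for this example; only the USBSTOR registry location is a real Windows artifact.

```python
from collections import defaultdict

# USB-exploit attack graph: vertices are attack steps, edges the hierarchical
# constraint "the earlier step must succeed before the later one can".
# Stages, evidence rules and sample records are assumptions made for this example.
GRAPH = {
    "usb_inserted": ["autorun_executed"],
    "autorun_executed": ["payload_process_started"],
    "payload_process_started": ["documents_accessed", "network_propagation"],
    "documents_accessed": [],
    "network_propagation": [],
}
# (source, case-insensitive substring) observations that corroborate a vertex
EVIDENCE_RULES = [
    ("registry", r"Enum\USBSTOR", "usb_inserted"),
    ("eventlog", "autorun.inf", "autorun_executed"),
    ("eventlog", "new process", "payload_process_started"),
    ("eventlog", "object access", "documents_accessed"),
    ("eventlog", "outbound connection", "network_propagation"),
]
# Constructed observations for a demonstration run, not real registry or log output.
SAMPLE_RECORDS = [
    ("registry", r"HKLM\SYSTEM\CurrentControlSet\Enum\USBSTOR\Disk&Ven_Generic"),
    ("eventlog", "System: shell executed autorun.inf from removable drive E:"),
    ("eventlog", r"Security: new process created C:\Temp\updater.exe"),
    ("eventlog", r"Security: object access D:\Finance\payroll.xls (read)"),
]

def observed_vertices(records):
    """Map (source, text) observations onto graph vertices, keeping the raw evidence."""
    hits = defaultdict(list)
    for source, text in records:
        for rule_source, needle, vertex in EVIDENCE_RULES:
            if source == rule_source and needle.lower() in text.lower():
                hits[vertex].append(text)
    return hits

def attack_paths(graph, node="usb_inserted", path=()):
    """Enumerate every root-to-leaf path, i.e. every complete exploit sequence."""
    path = path + (node,)
    if not graph[node]:
        return [path]
    return [p for child in graph[node] for p in attack_paths(graph, child, path)]

def corroborated_prefix(path, hits):
    """Steps observed in order from the root before the first gap in evidence."""
    return next((i for i, v in enumerate(path) if v not in hits), len(path))

def progress(records):
    """Per path: (corroborated prefix, path length); equal means observed end to end."""
    hits = observed_vertices(records)
    return {p: (corroborated_prefix(p, hits), len(p)) for p in attack_paths(GRAPH)}
```

Because the prefix is counted from the root, evidence for later steps without the device-insertion artifact does not advance a path, which is what the edge constraints are meant to enforce.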
Windows XP registry
Windows XP event logs
USB exploit attack graph
Theoretical proactive design
Conclusion
• Numerous attack paths can be targeted
• Systematic and proactive approach can be reached
• Real-time detection and alerts
• Detailed recordings can be triggered for judicial efforts
Future work
• Create plug-in
• Implement design on test network
• Run trial exploit
• Research and prepare other exploits/attacks
Acknowledgments
Louis P. Wilder, Christopher Lanclos, Sharon Hastings, Joe Trien, George Seweryniak, Debbie McCoy, Rashida Askia and Cindy Latham
The Research Alliance in Math and Science program is sponsored by the Office of Advanced Scientific Computing Research, U.S. Department of Energy.
The work was performed at the Oak Ridge National Laboratory, which is managed by UT-Battelle, LLC under Contract No. DE-AC05-00OR22725. This work has been authored by a contractor of the U.S. Government; accordingly, the U.S. Government retains a non-exclusive, royalty-free license to publish or reproduce the published form of this contribution, or allow others to do so, for U.S. Government purposes.