My research will look at how computer networks comprised of many hosts are vulnerable to cyber-attacks. One attack can take the form of the exploitation of multiple vulnerabilities in the network along with lateral movement between hosts. In order to analyse the security of a network it is common practice to run a vulnerability scan to report the presence of vulnerabilities in the network, and prioritise them with a scoring of importance.
This scoring ignores how multiple vulnerabilities could be used in conjunction with one another to achieve a goal that previously was not possible. Attack graphs are a common solution to this problem, where a scan along with the topology of the network is turned into a graph that models how hosts and vulnerabilities can be connected. For a large network these attack graphs can be thousands of nodes in size, so in order to gain insight from them in an automated way they can be turned into Bayesian attack graphs (BAGs) to model the security of the network probabilistically.
The aim of this thesis is to work towards the automation of gathering insight from vulnerability scans of a network, primarily through the generation of BAGs. As such the main contributions of this thesis are as follows:
1. Development and demonstration of a fully containerised pipeline to automatically process vulnerability scans and generate the corresponding attack graph.
2. Creation of a unified formalism for the structure of BAGs and how other graphs can be translated into this formalism.
3. Proposal and evaluation of a novel technique for approximation in the process of static BAG calculation with no requirement for the base graph to be acyclic.
4. Implementation and comparison of three stochastic simulation techniques for dynamic BAG analysis and sensitivity analysis.
5. Demonstration of a sensitivity analysis for BAG priors and a novel method for quick computation of sensitivities that is more readily analysed than the traditional technique.
6. Classification of vulnerabilities using neural networks.
