Published: January 16, 2013
Author(s)
Changwei Liu, Anoop Singhal, Duminda Wijesekera
Conference
Name: Fifth International Workshop on Digital Forensics (WSDF 2012)
Dates: August 20-24, 2012
Location: Prague, Czech Republic
Citation: Proceedings of the 2012 Seventh International Conference on Availability, Reliability and Security (ARES 2012), pp. 596-603
Announcement
Attack graphs are used to compute potential attackpaths from a system configuration and known vulnerabilities of asystem. Attack graphs can be used to eliminate knownvulnerability sequences that can be eliminated to make attacksdifficult and help forensic examiners in identifying manypotential attack paths. After an attack happens, forensic analysis, including linking evidence with attacks, helps further understandand refine the attack scenario that was launched. Given thatthere are anti-forensic tools that can obfuscate, minimize oreliminate attack footprints, forensic analysis becomes harder. As a solution, we propose to apply attack graph to forensic analysis. We do so by including anti-forensic capabilities into attackgraphs, so that the missing evidence can be explained by usinglonger attack paths that erase potential evidence. We show thiscapability in an explicit case study involving a database attack.
Attack graphs are used to compute potential attackpaths from a system configuration and known vulnerabilities of asystem. Attack graphs can be used to eliminate knownvulnerability sequences that can be eliminated to make attacksdifficult and help forensic examiners in identifying manypotential...
See full abstract
Attack graphs are used to compute potential attackpaths from a system configuration and known vulnerabilities of asystem. Attack graphs can be used to eliminate knownvulnerability sequences that can be eliminated to make attacksdifficult and help forensic examiners in identifying manypotential attack paths. After an attack happens, forensic analysis, including linking evidence with attacks, helps further understandand refine the attack scenario that was launched. Given thatthere are anti-forensic tools that can obfuscate, minimize oreliminate attack footprints, forensic analysis becomes harder. As a solution, we propose to apply attack graph to forensic analysis. We do so by including anti-forensic capabilities into attackgraphs, so that the missing evidence can be explained by usinglonger attack paths that erase potential evidence. We show thiscapability in an explicit case study involving a database attack.
Hide full abstract
Keywords
anti-forensics; anti-forensics vulnerability database; attack graph; forensic analysis
Control Families
None selected