| Autor: |
David Tayouri, Nick Baum, Asaf Shabtai, Rami Puzis |
| Jazyk: |
angličtina |
| Rok vydání: |
2023 |
| Předmět: |
|
| Zdroj: |
IEEE Access, Vol 11, Pp 27974-27991 (2023) |
| Druh dokumentu: |
article |
| ISSN: |
2169-3536 |
| DOI: |
10.1109/ACCESS.2023.3257721 |
| Popis: |
Organizations employ various adversary models to assess the risk and potential impact of attacks on their networks. A popular method of visually representing cyber risks is the attack graph. Attack graphs represent vulnerabilities and actions an attacker can take to identify and compromise an organization’s assets. Attack graphs facilitate the visual presentation and algorithmic analysis of attack scenarios in the form of attack paths. MulVAL is a generic open-source framework for constructing logical attack graphs, which has been widely used by researchers and practitioners and extended by them with additional attack scenarios. This paper surveys all of the existing MulVAL extensions and maps all MulVAL interaction rules to MITRE ATT&CK Techniques to estimate their attack scenarios coverage. This survey aligns current MulVAL extensions along unified ontological concepts and highlights the existing gaps. It paves the way for the systematic improvement of MulVAL and the comprehensive modeling of the entire landscape of adversarial behaviors captured in MITRE ATT&CK. |
| Databáze: |
Directory of Open Access Journals |
| Externí odkaz: |
|
