Journal: Journal of Visual Languages & Computing

MAD: A visual analytics solution for Multi-step cyber Attacks Detection


Abstract

Software vulnerabilities represent one of the main weaknesses of an Information Technology (IT) system with respect to cyber attacks, and consolidated official data, like the Common Vulnerability Exposure (CVE) dictionary, now provide precise and reliable details about them. This information, together with the identification of priority systems to defend, allows for inspecting the network structure and the most probable paths an attacker is likely to follow to reach sensitive resources, with the main goal of identifying suitable mitigation actions that reduce the risk of an attack. Some of these mitigation actions can be applied without further delay; others imply a high operational impact on the organization's business, which makes their use convenient only when an attack is actually under way. Dealing with this issue is particularly challenging in the context of critical infrastructure where, even if patches are available, organization mission constraints create obstacles to their straightforward application. In this scenario, security operators are forced to deal with known vulnerabilities that cannot be patched, and they spend noticeable effort on proactive analysis, devising countermeasures that can mitigate the effect of a possible attack. This paper presents a Multi-step cyber Attack Detection (MAD) Visual Analytics solution that aims to assist security operators in improving their network security by analyzing the possible attacks and identifying suitable mitigations. Moreover, during an attack, the system visually presents the security operator with the relevant pieces of information, allowing a better comprehension of the attack status and its probable evolution, in order to make decisions on the possible countermeasures.