Researchers create next-generation software to identify complex cyber network attacks

Mar 17, 2008

Researchers in George Mason University’s Center for Secure Information Systems have developed new software that can reduce the impact of cyber attacks by identifying the possible vulnerability paths through an organization’s networks.

By their very nature networks are highly interdependent and each machine’s overall susceptibility to attack depends on the vulnerabilities of the other machines in the network. Attackers can take advantage of multiple vulnerabilities in unexpected ways, allowing them to incrementally penetrate a network and compromise critical systems. In order to protect an organization’s networks, it is necessary to understand not only individual system vulnerabilities, but also their interdependencies.

“Currently, network administrators must rely on labor-intensive processes for tracking network configurations and vulnerabilities, which requires a great deal of expertise and is error prone because of the complexity, volume and frequent changes in security data and network configurations,” says Sushil Jajodia, university professor and director of the Center for Secure Information Systems. “This new software is an automated tool that can analyze and visualize vulnerabilities and attack paths, encouraging ‘what-if analysis’.”

The software developed at Mason, CAULDRON, allows for the transformation of raw security data into roadmaps that allow users to proactively prepare for attacks, manage vulnerability risks and have real-time situational awareness. CAULDRON provides informed risk analysis, analyzes vulnerability dependencies and shows all possible attack paths into a network. In this way, it accounts for sophisticated attack strategies that may penetrate an organization’s layered defenses.

CAULDRON’s intelligent analysis engine reasons through attack dependencies, producing a map of all vulnerability paths that are then organized as an attack graph that conveys the impact of combined vulnerabilities on overall security. To manage attack graph complexity, CAULDRON includes hierarchical graph visualizations with high-level overviews and detail drilldown, allowing users to navigate into a selected part of the big picture to get more information.

“One example of this software in use is at the Federal Aviation Administration. They recently installed CAULDRON in their Cyber Security Incident Response Center and it is helping them prioritize security problems, reveal unseen attack paths and protect across large numbers of attack paths,” says Jajodia. “While currently being used by the FAA and defense community, the software is applicable in almost any industry or organization with a network and resources they want to keep protected, such as banking or education.”

Source: George Mason University

Explore further: Oculus unveils new prototype VR headset

add to favorites email to friend print save as pdf

Related Stories

Car hacking: The security threat facing our vehicles

Sep 17, 2014

The car of the future will be safer, smarter and offer greater high-tech gadgets, but be warned without improved security the risk of car hacking is real, according to a QUT road safety expert.

Protecting infrastructure with smarter CPS

Sep 16, 2014

Security of IT networks is continually being improved to protect against malicious hackers. Yet when IT networks interface with infrastructures such as water and electric systems to provide monitoring and control capabilities, ...

Grindr relents to user backlash – but does it respect its users?

Sep 03, 2014

The world's most popular gay social networking app, Grindr, is having a tough time. William Saponaro Jr is suing its developers for negligence, after he was arrested for sexual assault and endangering the welfare of a child. Sapnaro claims a 13 ...

Recommended for you

Big new iPhone brings Apple more profit

7 hours ago

Apple's largest iPhone is selling for $100 more than its other new model, but a new report says it costs Apple only $15.50 more to make the more expensive version.

Microsoft to launch Xbox One in China in days

10 hours ago

US technology giant Microsoft will launch its Xbox One in China on September 29, becoming the first game console to enter the market in 14 years, it said Tuesday, in an apparent reversal of a delay announced ...

PlayStation TV to hit US in October

10 hours ago

PlayStation TV home entertainment system is set to hit North America on October 14 as Sony seeks to improve its financial footing with games, films and music.

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

superhuman
not rated yet Mar 18, 2008
Marketing BS