swMATH ID: 22314
Software Authors: Noel, S.; Harley, E.; Tam, K.; Limiero, M.; Share, M.
Description: CyGraph: graph-based analytics and visualization for cybersecurity. This chapter describes CyGraph, a system for improving network security posture, maintaining situational awareness in the face of cyberattacks, and focusing on protection of mission-critical assets. CyGraph adopts a unified graph-based cybersecurity model relevant to potential and actual cyberattacks, defenses, and mission impacts. It captures incremental attack vulnerability, security events, and mission dependencies within a network environment, builds a predictive model of possible attack paths and critical vulnerabilities, and correlates events to known vulnerability paths. It also includes dependencies among mission requirements and network assets, for analysis in the context of mission assurance. The resulting knowledge graph captures the complex relationships among entities in the cybersecurity domain. CyGraph brings together isolated data and events into an overall picture for decision support and situational awareness. It prioritizes exposed vulnerabilities, mapped to potential threats, in the context of mission-critical assets. In the face of actual attacks, it correlates intrusion alerts to known vulnerability paths and suggests best courses of action for responding to attacks. For postattack forensics, it shows vulnerable paths that may warrant deeper inspection. CyGraph also supports CyQL (CyGraph Query Language), a domain-specific query language for expressing graph patterns of interest, with interactive visualization of query results. To help manage visual complexity, CyGraph supports the separation of graph models into interdependent layers. For time-dependent graph models, it provides dynamic visualization of evolving graph state. CyGraph also integrates with third-party tools for visualizing graph state changes (e.g., driven by simulations). Furthermore, it has capabilities for synthesizing graph models with particular statistical properties.
Homepage: http://www.sciencedirect.com/science/article/pii/S0169716116300426
Related Software: MulVAL; TCPDUMP
Referenced in: 1 Publication

Referencing Publications by Year