Exploring the Viability of PageRank for Attack Graph Analysis and Defence Prioritization

Abstract: In today's digital world, cybersecurity is becoming increasingly critical. Essential services that we rely on every day such as finance, transportation, and healthcare all rely on complex networks and computer systems. As these systems and networks become larger and more complex, it becomes increasingly challenging to identify and protect against potential attacks. This thesis addresses the problem of efficiently analysing large attack graphs and prioritizing defences in the field of cybersecurity. The research question guiding this study is whether PageRank, originally designed for ranking the importance of web pages, can be extended with additional parameters to effectively analyze large vulnerability-based attack graphs. To address this question, a modified version of the PageRank algorithm is proposed, which considers additional parameters present in attack graphs such as Time-To-Compromise values. The proposed algorithm is evaluated on various attack graphs to assess its accuracy, efficiency, and scalability. The evaluation shows that the algorithm exhibits relatively short running times even for larger attack graphs, demonstrating its efficiency and scalability. The algorithm achieves a reasonably high level of accuracy when compared to an optimal defence selection, showcasing its ability to effectively identify vulnerable nodes within the attack graphs. In conclusion, this study demonstrates that PageRank is a viable alternative for the security analysis of attack graphs. The proposed algorithm shows promise in efficiently and accurately analyzing large-scale attack graphs, providing valuable insight for identifying threats and defence prioritization.