Date of Award

2024

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

College of Technology

Abstract

The work proposed in this research is specific to application security and ties together vulnerability data, data storage, statistical analysis, attack surface, attack tree, and predictive analytics as a comprehensive system for identifying attack patterns and predicting an attack path. The vulnerability information gathered using different detection and monitoring capabilities provides the basic data for exposing a software application's attack surface. In a multi-tiered application that is web enabled and accessible through the internet, vulnerabilities found in different segments of the application are gathered, starting with the UI / web layer (URL and web application headers), going down to the Application Programming Interface (API) layer (application to API, API to API), then into the component layer (web services, microservices, Representational State Transfer (REST) services), and diving deep into the application's source code. An analysis of statistical correlation between vulnerabilities at each segment provides a basis to identify and predict a threat or an attack pattern. Further development towards a predictive system involves expanding the detection and monitoring to include an Artificial Neural Network (ANN) for delivering intelligence and machine learning capabilities. An ANN-based learning system, consisting of the input layer, hidden layer(s), and the output layer, is discussed: a Multi-Layer Perceptron (MLP) that enables predictive capabilities by giving an indication of an attack pattern in order to preempt an attack. The research proposes building a consolidated data platform that includes vulnerability data, data storage, an analytical engine for determining statistical correlations, integration with an incident response system, development of an attack tree using a vulnerability map, and application of a Deep Learning (DL) method using an MLP for predictive analytics.
Knowing the attack path that a threat actor would take is the objective of this research, and an attack tree that represents a threat model of vulnerabilities spread vertically and laterally becomes a critical component of this research. All attack paths, likely attack paths, the narrowed-down top-priority attack paths, and vulnerability-specific attack paths are discussed, which will allow security operations to focus on simulation experiments that mimic a threat actor's actions. The work also discusses the importance of an Application Security Vulnerability Information Management Strategy (ASVIM) as a foundational strategy for protecting the vulnerability information stored in this platform, on which the entire predictive system is being built.
