An Analysis of the SolarWinds Supply Chain Breach Via Attack Graphs
Open Access
Author:
Cheng, Richard
Area of Honors:
Cybersecurity Analytics & Operations
Degree:
Bachelor of Science
Document Type:
Thesis
Thesis Supervisors:
Peng Liu, Thesis Supervisor
Nick Giacobe, Thesis Honors Advisor
Keywords:
attack graph model knowledge graph graph theory network
Abstract:
The 2020 SolarWinds supply chain cyberattack greatly contributed to the evolution of existing areas of study for cyber defense, such as machine learning, network theory, and malware analysis. Attack modeling techniques (AMTs), such as attack graphs, present novel visualizations to enhance the analysis of different security breaches. This paper contributes to the existing literature on the attack graph modeling of large cyberattacks by synthesizing approximately 100 indicators of compromise from a diverse range of sources to provide an intuitive and unfragmented model of the SolarWinds breach. Subsequent analysis revealed different critical nodes and attack paths that may allow for more robust defensive metrics applicable to other cyber threats. Exploring the utility of attack graphs for cyber threat modeling may offer valuable insights for informed defense efforts.