{"ID":2877294,"CreatedAt":"2026-06-01T04:54:23.091178241Z","UpdatedAt":"2026-06-01T04:54:23.091178241Z","DeletedAt":null,"paper_url":"https://arxiv.org/abs/2508.21005","arxiv_id":"2508.21005","title":"Measuring Ransomware Lateral Movement Susceptibility via Privilege-Weighted Adjacency Matrix Exponentiation","abstract":"Ransomware impact hinges on how easily an intruder can move laterally and spread to the maximum number of assets. We present a graph-theoretic formulation that casts lateral movement as a path-closure problem over a probability semiring to measure lateral-movement susceptibility and estimate blast radius. We build a directed multigraph where vertices represent assets and edges represent reachable services (e.g., RDP/SSH) between them. We model lateral movement as a probabilistic process using a pivot potential factor $π(s)$ for each service, with step successes composed via a probabilistic path operator \\( \\otimes \\) and alternative paths aggregated via a probabilistic union \\( \\oplus \\) (noisy-OR). This yields a monotone fixed-point (iterative) computation of a $K$-hop compromise probability matrix that captures how compromise propagates through the network. Metrics derived from this model include: (1) Lateral-Movement Susceptibility (LMS$_K$): the average probability of a successful lateral movement between any two assets (0-1 scale); and (2) Blast-Radius Estimate (BRE$_K$): the expected percentage of assets compromised in an average attack scenario. Interactive services (SSH 22, RDP 3389) receive higher $π(s)$ than app-only ports (MySQL 3306, MSSQL 1433), which seldom enable pivoting without an RCE. Across anonymized enterprise snapshots, pruning high-$π(s)$ edges yields the largest LMS$_K$/BRE$_K$ drop, aligning with CISA guidance, MITRE ATT\\\u0026CK (TA0008: Lateral Movement), and NIST SP~800-207. The framework evaluates (micro)segmentation and helps prioritize controls that reduce lateral-movement susceptibility and shrink blast radius.","short_abstract":"Ransomware impact hinges on how easily an intruder can move laterally and spread to the maximum number of assets. We present a graph-theoretic formulation that casts lateral movement as a path-closure problem over a probability semiring to measure lateral-movement susceptibility and estimate blast radius. We build a di...","url_abs":"https://arxiv.org/abs/2508.21005","url_pdf":"https://arxiv.org/pdf/2508.21005v2","authors":"[\"Satyam Tyagi\",\"Ganesh Murugesan\"]","published":"2025-08-28T17:07:34Z","proceeding":"cs.DM","tasks":"[\"cs.DM\",\"cs.CR\",\"math.CO\"]","methods":"[]","has_code":false}