Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Two Formal Analys s of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Managing attack graph complexity through visual hierarchical aggregation
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Multiple Coordinated Views for Network Attack Graphs
VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
A scalable approach to attack graph generation
Proceedings of the 13th ACM conference on Computer and communications security
Practical Attack Graph Generation for Network Defense
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
MulVAL: a logic-based network security analyzer
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Toward measuring network security using attack graphs
Proceedings of the 2007 ACM workshop on Quality of protection
Validating and restoring defense in depth using attack graphs
MILCOM'06 Proceedings of the 2006 IEEE conference on Military communications
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Identifying Critical Attack Assets in Dependency Attack Graphs
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Visualizing attack graphs, reachability, and trust relationships with NAVIGATOR
Proceedings of the Seventh International Symposium on Visualization for Cyber Security
Effective network vulnerability assessment through model abstraction
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Distilling critical attack graph surface iteratively through minimum-cost SAT solving
Proceedings of the 27th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
Various tools exist to analyze enterprise network systems and to produce attack graphs detailing how attackers might penetrate into the system. These attack graphs, however, are often complex and difficult to comprehend fully, and a human user may find it problematic to reach appropriate configuration decisions. This paper presents methodologies that can 1) automatically identify portions of an attack graph that do not help a user to understand the core security problems and so can be trimmed, and 2) automatically group similar attack steps as virtual nodes in a model of the network topology, to immediately increase the understandability of the data. We believe both methods are important steps toward improving visualization of attack graphs to make them more useful in configuration management for large enterprise networks. We implemented our methods using one of the existing attack-graph toolkits. Initial experimentation shows that the proposed approaches can 1) significantly reduce the complexity of attack graphs by trimming a large portion of the graph that is not needed for a user to understand the security problem, and 2) significantly increase the accessibility and understandability of the data presented in the attack graph by clearly showing, within a generated visualization of the network topology, the number and type of potential attacks to which each host is exposed.