A Scalable Approach to Full Attack Graphs Generation

Authors:
Feng Chen;Jinshu Su;Yi Zhang
Affiliations:
School of Computer, National University of Defense Technology, Changsha, China 410073;School of Computer, National University of Defense Technology, Changsha, China 410073;School of Computer, National University of Defense Technology, Changsha, China 410073
Venue:
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Year:
2009

Citing 13
Cited 0

A graph-based system for network-vulnerability analysis

Proceedings of the 1998 workshop on New security paradigms
A requires/provides model for computer attacks

Proceedings of the 2000 workshop on New security paradigms
Scalable, graph-based network vulnerability analysis

Proceedings of the 9th ACM conference on Computer and communications security
LAMBDA: A Language to Model a Database for Detection of Attacks

RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Two Formal Analys s of Attack Graphs

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Correlating Intrusion Events and Building Attack Scenarios Through Attack Graph Distances

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
A scalable approach to attack graph generation

Proceedings of the 13th ACM conference on Computer and communications security
Minimum-cost network hardening using attack graphs

Computer Communications
MulVAL: a logic-based network security analyzer

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Toward measuring network security using attack graphs

Proceedings of the 2007 ACM workshop on Quality of protection
An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Attack graphs are valuable vulnerabilities analysis tools to network defenders and may be classified to two kinds by application. One is the partial attack graphs which illustrate the potential interrelations among the known vulnerabilities just related to the given attack goal in the targeted network, the other is full attack graphs which evaluate the potential interrelations among all the known vulnerabilities in the targeted network. The previous approaches to generating full attack graphs are suffering from two issues. One is the effective modeling language for full attack graphs generation and the other is the scalability to large enterprise network. In this paper, we firstly present a novel conceptual model for full attack graph generation that introduces attack pattern simplifying the process of modeling the attacker. Secondly, a formal modeling language VAML is proposed to describe the various elements in the conceptual model. Thirdly, based on VAML, a scalable approach to generate full attack graphs is put forward. The prototype system CAVS has been tested on an operational network with over 150 hosts. We have explored the system's scalability by evaluating simulated networks with up to one thousand hosts and various topologies. The experimental result shows the approach could be applied to large networks.