A Vulnerability and Exploit Independent Approach for Attack Path Prediction

Network security has gained ever-increasing importance because of the growing dependence on networks. One way to assess the threats to a network is through attack graphs. However, their sheer size and complexity make analysis difficult, and even given an attack graph, identifying a probable attack path remains an open issue. This paper presents an attack path identification methodology that is both efficient and scalable. The proposed approach is based on the attack surface measure of the individual hosts comprising the network and the access levels between them, and it identifies the attack path independently of the specific vulnerabilities or exploits that may exist.
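To make the idea of a vulnerability-independent path ranking concrete, the following is an added example, not the paper's own code or algorithm. It assumes that each host has been given a normalized attack-surface score in (0, 1] (how the paper derives its measure is not specified in the abstract; the scores here are constructed), that access between hosts is recorded as directed edges, and that the chance of an attacker advancing across an edge is approximated by the destination host's score. Under those assumptions the most probable path is the one maximizing the product of per-hop scores, which Dijkstra's algorithm finds on -log(score) weights; a second function enumerates and ranks all simple paths so a defender can see which hosts appear on the highest-ranked paths.

```python
"""Illustrative, assumption-based attack-path ranking over a host graph.

Added example, not code from the paper. Assumptions (constructed, not the
paper's definitions):
  - hosts: dict of host name -> attack-surface score in (0, 1];
  - access: list of (src, dst) pairs meaning src can reach a service on dst;
  - the likelihood of advancing along an edge is the destination's score,
    so no vulnerability or exploit data is consulted.
"""
import heapq
import math


def build_graph(hosts, access):
    """Adjacency dict; edge weight is -log(score of destination host)."""
    for name, score in hosts.items():
        if not 0 < score <= 1:
            raise ValueError(f"score for {name!r} must be in (0, 1]")
    graph = {name: [] for name in hosts}
    for src, dst in access:
        if src not in hosts or dst not in hosts:
            raise KeyError(f"access edge {src!r}->{dst!r} names an unknown host")
        graph[src].append((dst, -math.log(hosts[dst])))
    return graph


def most_probable_path(hosts, access, source, target):
    """Dijkstra on -log weights. Returns (path, probability); (None, 0.0) if unreachable."""
    graph = build_graph(hosts, access)
    dist = {name: math.inf for name in hosts}
    prev = {}
    dist[source] = 0.0
    heap = [(0.0, source)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale queue entry
        if u == target:
            break
        for v, w in graph[u]:
            nd = d + w
            if nd < dist[v]:
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    if dist[target] == math.inf:
        return None, 0.0
    path = [target]
    while path[-1] != source:
        path.append(prev[path[-1]])
    path.reverse()
    # Sum of -log(score) along the path converts back to a product of scores.
    return path, math.exp(-dist[target])


def rank_paths(hosts, access, source, target):
    """All simple paths from source to target, ranked by product of hop scores."""
    graph = build_graph(hosts, access)
    ranked = []

    def dfs(u, path, seen):
        if u == target:
            prob = math.prod(hosts[h] for h in path[1:])  # source score not counted
            ranked.append((prob, list(path)))
            return
        for v, _ in graph[u]:
            if v not in seen:
                seen.add(v)
                path.append(v)
                dfs(v, path, seen)
                path.pop()
                seen.remove(v)

    dfs(source, [source], {source})
    ranked.sort(key=lambda item: item[0], reverse=True)
    return ranked


# Constructed sample network: an external vantage point plus four hosts.
SAMPLE_HOSTS = {"external": 1.0, "web": 0.8, "mail": 0.6, "app": 0.4, "db": 0.3}
SAMPLE_ACCESS = [
    ("external", "web"), ("external", "mail"),
    ("web", "app"), ("mail", "app"),
    ("app", "db"), ("mail", "db"),
]

if __name__ == "__main__":
    best, prob = most_probable_path(SAMPLE_HOSTS, SAMPLE_ACCESS, "external", "db")
    print("most probable path:", " -> ".join(best), f"(p={prob:.3f})")
    for p, route in rank_paths(SAMPLE_HOSTS, SAMPLE_ACCESS, "external", "db"):
        print(f"{p:.3f}  {' -> '.join(route)}")
```

On the constructed sample the two-hop route through the mail host outranks the longer routes through the web and application tiers, even though the database host's own score is the lowest, which is the kind of observation a defender would use to prioritize hardening the intermediate host rather than chasing individual CVEs.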
