Attack Graph Techniques

Modern attack-graph techniques can automatically discover all possible ways an attacker can compromise an enterprise network by analyzing configuration information of the hosts and network [7, 12, 13, 19, 20, 24, 26, 27, 37, 38, 39, 41, 44, 46, 47, 50, 52]. We will use the MulVAL logical attack graph [38, 39] as the foundation to build themetric models. A logical attack graph directly encodes the logical causality relationship among configuration settings and potential attacker privileges. It shows “why an attack can happen”, instead of “how an attack happens” as in some earlier attack-graph works [41, 46, 47, 50]. Its semantics is similar to the “exploit dependency attack graph” in the Cauldron project [7, 20, 35], and to a lesser degree also similar to the “multiple-prerequisite attack graph” [19] in the NetSPA project [27].