An Atomic-Domains-Based Approach for Attack Graph Generation

Attack graphs are an integral part of modeling an overview of network security. System administrators use attack graphs to determine how vulnerable their systems are and what security measures to deploy to defend them. Previous methods for attack graph generation (AGG) target the whole network, which makes the AGG process complex and non-scalable. In this paper, we propose a new approach to AGG that is simple and scalable: the whole network is decomposed into atomic domains, each of which represents a host with a specific privilege. AGG is then achieved through communication among all the atomic domains. Our approach simplifies the design process for the whole network and can give attack graphs that include each attack path for each host. When the network changes, we only carry out the operations of the corresponding atomic domains, which makes the AGG process scalable.

Keywords—atomic domain, vulnerability, attack graphs, generation, computer security
