A Graph theoretical approach to Network Vulnerability Analysis and Countermeasures

Computer networks are certainly vulnerable as long as they deliver services from different machines. An attack graph is a security model representing the chains of vulnerability exploits in a network displays the ways an attacker can compromise a network or host. A number of researchers have admitted attack graph visual complications and a large amount of source data must be assembled to accurately build an attack graph, the difficulty scaling to large, enterprise-size networks with tens of thousands of hosts and the lack comprehensive understanding. Information on vulnerabilities is present in public vulnerability databases, such as the National Vulnerability Database and Nessus. But current attack graph tools are reserved to only limited attributes. The automatic formation of vulnerability information has been troublesome and vulnerability descriptions were created by hand or based on limited information. Much vulnerability has still not been discovered and many others without patches or solutions Our approach to developing a cost metric exploits the Markov’s model using combinations well known vulnerabilities (the Common Vulnerability Scoring System, CVSS) and Risk Assessment Values (RAV) and using ranking algorithms (similar to V. Mehta et al. 2006 and kijsanayothin, 2010) but instead of using vulnerabilities. For each host we have developed a cost rank Markov’s model reducing the complexity in the attack graph, representing the network topology and dipping the problem of visibility.

[1]  Hector Garcia-Molina,et al.  Combating Web Spam with TrustRank , 2004, VLDB.

[2]  Phongphun Kijsanayothin Network security modeling with intelligent and complexity analysis , 2010 .

[3]  Sushil Jajodia,et al.  Understanding complex network attack graphs through clustered adjacency matrices , 2005, 21st Annual Computer Security Applications Conference (ACSAC'05).

[4]  Edsger W. Dijkstra,et al.  A Discipline of Programming , 1976 .

[5]  Xinming Ou,et al.  Googling Attack Graphs , 2007 .

[6]  Bjarne Stroustrup,et al.  C++ Programming Language , 1986, IEEE Softw..

[7]  Sushil Jajodia,et al.  Multiple coordinated views for network attack graphs , 2005, IEEE Workshop on Visualization for Computer Security, 2005. (VizSEC 05)..

[8]  Liwen He,et al.  Network Penetration Testing , 2006 .

[9]  Daniel Geer,et al.  Penetration testing: a duet , 2002, 18th Annual Computer Security Applications Conference, 2002. Proceedings..

[10]  Sergey Brin,et al.  The Anatomy of a Large-Scale Hypertextual Web Search Engine , 1998, Comput. Networks.

[11]  Menezes Bernard Network Security and Cryptography , 2010 .

[12]  Kenneth E. Iverson,et al.  A programming language , 1899, AIEE-IRE '62 (Spring).

[13]  Edmund M. Clarke,et al.  Ranking Attack Graphs , 2006, RAID.