Attack graph generation and analysis

Attack graphs represent the ways in which an adversary can exploit vulnerabilities to break into a system. System administrators analyze these attack graphs to understand where their system's weaknesses lie and to help decide which security measures will be effective to deploy. In practice, attack graphs are produced manually by Red Teams. Construction by hand, however, is tedious, error-prone, and impractical for attack graphs larger than a hundred nodes. In this talk I present a technique, based on model checking, for generating attack graphs automatically. I also describe different analyses that system administrators can perform in trading off one security measure for another or in using attack graphs in intrusion detection. Work on generating attack graphs is joint with Somesh Jha and Oleg Sheyner; on analyzing them, joint with Oleg Sheyner and Oren Dobzinski.
