Attack Graph Generation with Infused Fuzzy Clustering

Modern networks have been growing rapidly in size and complexity, making manual vulnerability assessment and mitigation impractical. Automation of these tasks is desired (Obaidat and Boudriga, 2007; Bhattacharya et al., 2008). Existing network security tools can be classified into the following two approaches: proactive (such as vulnerability scanning and use of firewalls) and reactive (intrusion detection system). The modus operandi of proactive approaches have an edge over the reactive ones as they have threat information prior to the attack. One approach, viz., generation and analysis of attack graphs, in this class has gained popularity. In this paper, we present an algorithm to automatically generate attack graphs based on the prevalent network conditions. The nodes in the graph that are generated by executing our proposed algorithm have been grouped based on logical graph paradigm which helps in visualizing the dependencies among various initial and generated network configurations towards obtaining the attacker’s goal. In addition, fuzzy logic based clustering has been applied on the generated data corresponding to each such group. This form of clustering is beneficial, because in the real world the boundaries between clusters are indistinct. This form of clustering leads to better visualization of the attack graph. Our goal is to design and develop an efficient approach for automatic attack graph generation and visualization. The approach uses attack graph generation algorithm, and requires network initial conditions as input. Fuzzy logic based clustering, Fuzzy C-Means (FCM) (Bezdek, 1981), is applied at the output of attack graph generation algorithm to improve visualization. Our approach helps network administrator to visualize attack graph in an efficient way. This reduces the burden of network administrator to a larger