Scalable attack graph for risk assessment

The growth in the size of networks and the number of vulnerabilities is increasingly challenging to manage network security. Especially, difficult to manage are multi-step attacks which are attacks using one or more vulnerabilities as stepping stones. Attack graphs are widely used for analyzing multi-step attacks. However, since these graphs had large sizes, it was too expensive to work with. In this paper, we propose a mechanism to manage attack graphs using a divide and conquer approach. To enhance efficiency of risk analyzer working with attack graphs, we converted a large graph to multiple sub-graphs named risk units and provide the light-weighted graphs to the analyzers. As a result, when k order of time complexity algorithms work with an attack graph with n vertices, a division having c of overhead vertices reduces the workloads from nk to r(n + c)k. And the coefficient r becomes smaller geometrically from 2−kdepended on their division rounds. By this workload reduction, risk assessment processes which work with large size attack graphs become more scalable and resource practical.

[1]  Richard Lippmann,et al.  Practical Attack Graph Generation for Network Defense , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[2]  Igor V. Kotenko,et al.  Attack Graph Based Evaluation of Network Security , 2006, Communications and Multimedia Security.

[3]  Xinming Ou,et al.  A scalable approach to attack graph generation , 2006, CCS '06.

[4]  Gary Stoneburner,et al.  SP 800-30. Risk Management Guide for Information Technology Systems , 2002 .

[5]  Xinming Ou,et al.  Improving Attack Graph Visualization through Data Reduction and Attack Grouping , 2008, VizSEC.

[6]  G. Stoneburner,et al.  Risk Management Guide for Information Technology Systems: Recommendations of the National Institute of Standards and Technology , 2002 .

[7]  Ram Dantu,et al.  Risk management using behavior based attack graphs , 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004..

[8]  Sushil Jajodia,et al.  Efficient minimum-cost network hardening via exploit dependency graphs , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[9]  Richard P. Lippmann,et al.  An Annotated Review of Past Papers on Attack Graphs , 2005 .

[10]  Sushil Jajodia,et al.  Toward measuring network security using attack graphs , 2007, QoP '07.

[11]  Sushil Jajodia,et al.  Managing attack graph complexity through visual hierarchical aggregation , 2004, VizSEC/DMSEC '04.