Advances in Topological Vulnerability Analysis

Currently, network administrators must rely on labor-intensive processes for tracking network configurations and vulnerabilities, which require a great deal of expertise and are error prone. The organization of networks and the interdependencies of vulnerabilities are so complex as to make traditional vulnerability analysis inadequate. We describe a Topological Vulnerability Analysis (TVA) approach that analyzes vulnerability dependencies and shows all possible attack paths into a network. From models of the network vulnerabilities and potential attacker exploits, we discover attack paths (organized as graphs) that convey the impact of individual and combined vulnerabilities on overall security. We provide sophisticated attack graph visualizations, with high-level overviews and detail drill-down. Decision support capabilities let analysts make optimal tradeoffs between safety and availability, and show how to best apply limited security resources. We employ efficient algorithms that scale well to larger networks.
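As an added illustration of the exploit-dependency modelling the abstract describes (example code written for this page, not the authors' TVA tool), the following builds an attack graph by monotonic forward chaining over a constructed requires/provides model and then slices it backward from a goal condition to find the exploits an analyst would consider patching; the exploit names, hosts and conditions are hypothetical placeholders.

```python
from collections import namedtuple

# An exploit in requires/provides form: preconditions the attacker must hold,
# and postconditions gained on success (capabilities are never lost).
Exploit = namedtuple("Exploit", "name requires provides")

# Constructed sample model: host, service and vulnerability names are
# illustrative placeholders, not real identifiers.
EXPLOITS = [
    Exploit("web_rce", frozenset({"reach(attacker,web)", "vuln(web,cms)"}),
            frozenset({"exec(web)"})),
    Exploit("db_auth_bypass", frozenset({"exec(web)", "vuln(db,auth)"}),
            frozenset({"exec(db)"})),
    Exploit("db_cred_reuse", frozenset({"exec(db)", "creds(admin)"}),
            frozenset({"exec(admin)"})),
    Exploit("mail_rce", frozenset({"reach(attacker,mail)", "vuln(mail,smtp)"}),
            frozenset({"exec(mail)"})),
]
INITIAL = frozenset({"reach(attacker,web)", "reach(attacker,mail)",
                     "vuln(web,cms)", "vuln(db,auth)", "creds(admin)"})

def generate_attack_graph(exploits, initial):
    """Forward chain to a fixed point. Returns (reachable conditions, edges as
    condition->exploit / exploit->condition pairs, exploits that applied)."""
    reached, edges, applied = set(initial), [], set()
    changed = True
    while changed:
        changed = False
        for e in exploits:
            if e.name in applied or not e.requires <= reached:
                continue
            applied.add(e.name); changed = True
            edges += [(c, e.name) for c in sorted(e.requires)]
            edges += [(e.name, c) for c in sorted(e.provides)]
            reached |= e.provides
    return reached, edges, applied

def exploits_toward(goal, edges, applied):
    """Backward slice: every applied exploit on some attack path to `goal`,
    i.e. the candidates whose underlying vulnerabilities are worth hardening."""
    preds = {}
    for src, dst in edges:
        preds.setdefault(dst, set()).add(src)
    seen, stack = set(), [goal]
    while stack:
        for p in preds.get(stack.pop(), ()):
            if p not in seen:
                seen.add(p); stack.append(p)
    return seen & applied
```

In the sample model `mail_rce` never applies because its `vuln(mail,smtp)` precondition is absent, so it appears in no attack path and would not be a hardening priority.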
