An effective method to generate attack graph

The result of a traditional vulnerability scan cannot directly reflect the complex attack routes that exist in a network, so the attack graph is introduced. After analyzing the hosts, the link relations between devices, and the characteristics of attacks, a model of the network security status was built. A forward-search, breadth-first, depth-limited (attack steps limited) algorithm is used to produce attack routes, and a tool that generates the attack graph is implemented. The experiment validates the prototype of the network attack graph generation tool and contrasts our method with the others in use.
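To make the abstract's algorithm concrete, here is an added example (written for this page, not the paper's tool or its data) of forward, breadth-first, depth-limited search over a network security-status model. The hosts, services, firewall view and the abstract "rules" (each just a precondition on privilege and reachability and a postcondition of privilege gained) are all constructed placeholders; the state is the set of (host, privilege) facts the attacker holds, a visited set stops the search re-expanding states, and `max_steps` bounds the number of attack steps exactly as the abstract describes.

```python
from collections import deque
from dataclasses import dataclass

# Privilege levels, ordered from least to most.
PRIV = {"none": 0, "user": 1, "root": 2}


@dataclass(frozen=True)
class Rule:
    """Abstract attack step (constructed placeholder, not a real exploit): an
    attacker holding at least need_priv on a host that can reach `port` on a
    host running `service` gains gain_priv on that target host."""
    name: str
    service: str
    port: int
    need_priv: str
    gain_priv: str


# Constructed network model: hypothetical hosts, services and firewall view.
HOSTS = {
    "internet": frozenset(),
    "web": frozenset({("httpd", 80)}),
    "mail": frozenset({("smtpd", 25)}),        # reachable, but a dead end
    "db": frozenset({("dbsvc", 3306)}),
    "fileserver": frozenset({("nfsd", 2049)}),
}
# (src, dst) -> ports src may reach on dst; any pair not listed is blocked.
CONN = {
    ("internet", "web"): {80},
    ("internet", "mail"): {25},
    ("web", "db"): {3306},
    ("db", "fileserver"): {2049},
}
RULES = [
    Rule("web-rce", "httpd", 80, "none", "user"),
    Rule("smtp-rce", "smtpd", 25, "none", "user"),
    Rule("db-auth-bypass", "dbsvc", 3306, "user", "root"),
    Rule("nfs-export", "nfsd", 2049, "root", "root"),
]
INITIAL = {("internet", "root")}   # attacker controls the outside host
GOAL = ("fileserver", "root")      # security status we want to know routes to


def holds(state, host, priv):
    """True if the state already grants priv (or higher) on host."""
    return any(h == host and PRIV[p] >= PRIV[priv] for h, p in state)


def applicable(state, hosts, conn, rules):
    """Yield (src, rule, dst) steps whose preconditions the state satisfies."""
    for src, src_priv in state:
        for dst, services in hosts.items():
            for rule in rules:
                if ((rule.service, rule.port) in services
                        and rule.port in conn.get((src, dst), ())
                        and PRIV[src_priv] >= PRIV[rule.need_priv]
                        and not holds(state, dst, rule.gain_priv)):
                    yield src, rule, dst


def generate_attack_graph(hosts, conn, rules, initial, max_steps):
    """Forward, breadth-first, depth-limited search over security states.
    Returns (states, edges); an edge is (state, (src, rule, dst), next_state)."""
    start = frozenset(initial)
    seen = {start: 0}          # state -> depth at which it was first reached
    edges = []
    queue = deque([(start, 0)])
    while queue:
        state, depth = queue.popleft()
        if depth >= max_steps:  # attack-step limit: do not expand further
            continue
        for src, rule, dst in applicable(state, hosts, conn, rules):
            nxt = state | {(dst, rule.gain_priv)}
            edges.append((state, (src, rule.name, dst), nxt))
            if nxt not in seen:
                seen[nxt] = depth + 1
                queue.append((nxt, depth + 1))
    return set(seen), edges


def attack_routes(edges, initial, goal, max_steps):
    """Enumerate step sequences of at most max_steps that reach the goal."""
    succ = {}
    for state, step, nxt in edges:
        succ.setdefault(state, []).append((step, nxt))
    routes = []

    def walk(state, path):
        if holds(state, *goal):
            routes.append(tuple(path))
        elif len(path) < max_steps:
            for step, nxt in succ.get(state, []):
                walk(nxt, path + [step])

    walk(frozenset(initial), [])
    return routes


if __name__ == "__main__":
    states, edges = generate_attack_graph(HOSTS, CONN, RULES, INITIAL, 3)
    print(f"{len(states)} states, {len(edges)} edges")
    for route in attack_routes(edges, INITIAL, GOAL, 3):
        print(" -> ".join(f"{s}:{r}:{d}" for s, r, d in route))
```

With a limit of three steps the model yields seven states and eight edges, and a single route to root on the file server (web, then database, then file server); the mail host appears in the graph but contributes no route, and lowering the limit to two steps leaves no route at all, which is the kind of "what does the firewall actually buy us" question the graph is built to answer.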
