Abstract
Attack graphs for large enterprise networks improve security by revealing critical paths used by adversaries to capture network assets. Even with simplification, current attack graph displays are complex and difficult to relate to the underlying physical networks. We have developed a new interactive tool intended to provide a simplified and more intuitive understanding of key weaknesses discovered by attack graph analysis. Separate treemaps are used to display host groups in each subnet and hosts within each treemap are grouped based on reachability, attacker privilege level, and prerequisites. Users position subnets themselves to reflect their own intuitive grasp of network topology. Users can also single-step the attack graph to successively add edges that cascade to show how attackers progress through a network and learn what vulnerabilities or trust relationships allow critical steps. Finally, an integrated reachability display demonstrates how filtering devices affect host-to-host network reachability and influence attacker actions. This display scales to networks with thousands of hosts and many subnets. Rapid interactivity has been achieved because of an efficient C++ computation engine (a program named NetSPA) that performs attack graph and reachability computations, while a Java application manages the display and user interface.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Williams, L., Lippmann, R., Ingols, K. (2008). An Interactive Attack Graph Cascade and Reachability Display. In: Goodall, J.R., Conti, G., Ma, KL. (eds) VizSEC 2007. Mathematics and Visualization. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78243-8_15
Download citation
DOI: https://doi.org/10.1007/978-3-540-78243-8_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-78242-1
Online ISBN: 978-3-540-78243-8
eBook Packages: Computer ScienceComputer Science (R0)