Abstract
Attack graphs are valuable vulnerability analysis tools for network defenders and can be classified into two kinds by application. One is the partial attack graph, which illustrates the potential interrelations among only those known vulnerabilities related to a given attack goal in the targeted network; the other is the full attack graph, which evaluates the potential interrelations among all known vulnerabilities in the targeted network. Previous approaches to generating full attack graphs suffer from two issues: the lack of an effective modeling language for full attack graph generation, and poor scalability to large enterprise networks. In this paper, we first present a novel conceptual model for full attack graph generation that introduces attack patterns to simplify the process of modeling the attacker. Second, a formal modeling language, VAML, is proposed to describe the various elements of the conceptual model. Third, based on VAML, a scalable approach to generating full attack graphs is put forward. The prototype system CAVS has been tested on an operational network with over 150 hosts. We have explored the system's scalability by evaluating simulated networks with up to one thousand hosts and various topologies. The experimental results show that the approach can be applied to large networks.
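As an added illustration of the partial versus full distinction described in the abstract (this is not code from the paper and the rule format is not VAML; the toy network, the two requires/provides attack patterns and the attacker's starting position are constructed assumptions), the following Python builds a full attack graph over every known vulnerability and then restricts it to the edges relevant to one attack goal:

```python
from collections import deque

# Constructed toy network (an assumption for illustration, not data from the paper):
# each host lists its known vulnerability classes and the hosts it can reach.
NETWORK = {
    "internet": {"vulns": set(),                         "reach": {"web"}},
    "web":      {"vulns": {"remote_vuln"},               "reach": {"app"}},
    "app":      {"vulns": {"remote_vuln", "local_vuln"}, "reach": {"db"}},
    "db":       {"vulns": {"remote_vuln", "local_vuln"}, "reach": set()},
}
START = ("internet", "root")  # the attacker fully controls their own machine

def steps(state, network):
    """Two attack patterns as requires/provides rules (illustrative, not VAML)."""
    host, priv = state
    # Pattern 1: a remotely exploitable vulnerability on a reachable host gives user access there.
    for target in sorted(network[host]["reach"]):
        if "remote_vuln" in network[target]["vulns"]:
            yield "remote_exploit", (target, "user")
    # Pattern 2: user access plus a local vulnerability gives root on the same host.
    if priv == "user" and "local_vuln" in network[host]["vulns"]:
        yield "local_privesc", (host, "root")

def full_attack_graph(network, start=START):
    """Full attack graph: every edge reachable from `start` via any known vulnerability."""
    edges, seen, queue = set(), {start}, deque([start])
    while queue:
        state = queue.popleft()
        for pattern, nxt in steps(state, network):
            edges.add((state, pattern, nxt))
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return edges

def partial_attack_graph(network, goal, start=START):
    """Partial attack graph: only full-graph edges on some path to `goal` (backward walk)."""
    full = full_attack_graph(network, start)
    relevant, frontier = set(), [goal]
    while frontier:
        target = frontier.pop()
        for edge in full:
            src, _, dst = edge
            if dst == target and edge not in relevant:
                relevant.add(edge)
                frontier.append(src)
    return relevant
```

On this network the full graph has six edges, while the partial graph for the goal of root on `app` keeps only the three edges along internet, web and app; root on `db` happens to need every edge, which is the situation in which a full graph costs nothing extra.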
© 2009 Springer-Verlag Berlin Heidelberg
Chen, F., Su, J., Zhang, Y. (2009). A Scalable Approach to Full Attack Graphs Generation. In: Massacci, F., Redwine, S.T., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2009. Lecture Notes in Computer Science, vol 5429. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00199-4_13
DOI: https://doi.org/10.1007/978-3-642-00199-4_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00198-7
Online ISBN: 978-3-642-00199-4