Abstract
Scanning is essential for gathering information about the actual state of computer systems or networks. Therefore, it is always taken as the first step of potential attacks against targets. In certain cases, scanning itself is categorized as an attack. Scanning can on the other hand be used for the right purposes, for example, checking the system configurations, verifying firewall rules, proofing security polices, as well as monitoring the large scale network environment. From this point of view, scanning is an effective method for system or network management, security measurement and auditing. To visualize, analyze, and finally evaluate the data gathered by scanners, Attack Graph plays an important role. High quality information about the target system or network is the prerequisite for constructing the attack graph. However, different implementations of scanners have different capabilities and always result in different kinds of outputs. These outputs are usually heterogeneous and not machine-readable, which makes the further analysis a challenging task. In this paper, we examine common types of scanners and demonstrate how to combine multiple types of scanners. The results of all the involved scanners are integrated into a well-designed and consistent data structure, which can not only be well interpreted by human security specialists but also be directly fed into an attack graph construction tool.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Caceres, M.: Syscall Proxying - Simulating Remote Execution. Technical report, Core Security Technologies (2002)
Moore, H., Valsmith: Tactical Exploitation, Version 1.0.0. Technical report, Metasploit LLC (2007)
Bhatia, A., Lam, B., et al.: Automated Network Security Audit Tool (ANSAT). Technical report, University of Colorado at Boulder (2006)
Bishop, M.: About Penetration Testing. IEEE Security & Privacy 5, 84–87 (2007)
Siamwalla, R., Sharma, R., Keshav, S.: Discovering Internet Topology. Technical report, Cornell University (1998)
Dawkins, J., Clark, K., Manes, G., Papa, M.: A Framework for Unified Network Security Management: Identifying and Tracking Security Threats on Converged Networks. Journal of Network and Systems Management 13(3), 253–267 (2005)
Schneier, B.: Attack Trees - Modeling Security Threats. Dr. Dobb’s Journal 21, 21–29 (1999)
Cheng, F., Roschke, S., Schuppenies, R., Meinel, C.: Remodeling Vulnerability Information. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds.) Inscrypt 2009. LNCS, vol. 6151, pp. 324–336. Springer, Heidelberg (2010)
Jajodia, S., Noel, S., O’Berry, B.: Topological Analysis of Network Attack Vulnerability. In: Vipin Kumar, J.S., Lazarevic, A. (eds.) Managing Cyber Threats: Issues, Approaches, and Challenges. Massive Computing, vol. 5, pp. 247–266. Springer, Heidelberg (2005)
Cheng, F., Wolter, C., Meinel, C.: A Simple, Smart and Extensible Framework for Network Security Measurement. In: Pei, D., Yung, M., Lin, D., Wu, C. (eds.) Inscrypt 2007. LNCS, vol. 4990, pp. 517–531. Springer, Heidelberg (2008)
Arboi, M.: The NASL2 Reference Manual. Tenable Network Security (2005)
Cheikes, B.A., Waltermire, D.: Common Platform Enumeration: Naming Specification Version 2.3 (DRAFT). Technical Report The MITRE Corporation, National Institute of Standards and Technology, NIST (2010)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cheng, F., Roschke, S., Meinel, C. (2011). An Integrated Network Scanning Tool for Attack Graph Construction. In: Riekki, J., Ylianttila, M., Guo, M. (eds) Advances in Grid and Pervasive Computing. GPC 2011. Lecture Notes in Computer Science, vol 6646. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20754-9_15
Download citation
DOI: https://doi.org/10.1007/978-3-642-20754-9_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20753-2
Online ISBN: 978-3-642-20754-9
eBook Packages: Computer ScienceComputer Science (R0)