Abstract
Attack graph generation method based on network security situation is presented. Attack graph technique bases attack graph on the target network and the attack model. Generally, attack path is shown that the attacker uses vulnerability of target network to carry out network attack by graph structure. Attribute attack graph generation method based on breadth-first is put forward, which during the process of the attack graph generation solve the problem of circle path and combination explosion, the different scale of simulation experiment shows that the research results can found in time and make up for security problems existing in the network system, effectively improve the survivability of the network system, so as to improve the ability that network system deals with all kinds of sudden attack.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Noel S, Jajodia S (2008) Optimal IDS sensor placement and alert prioritization using attack graphs. J Network Syst Manage 3(16):259–275
Lippmann RP, Ingols KW (2005) An annotated review of past papers on attack graphs. Technical Report, ESC-TR-2005-054, MIT Lincoln Laboratory
Jha S, Sheyner O, Wing J (2002) Two formal analyses of attack graphs. In: The l5th IEEE computer security foundations workshop. IEEE Computer Society, Cape Breton, pp 49–63
Ammann P, Wijesekera D, Kaushik S (2002) Scalable, graph-based network vulnerability analysis. In: The 9th ACM conference on computer and communications security. ACM Press, New York, pp 217–224
Wang L, Noel S, Jajodia S (2006) Minimum-cost network hardening using attack graphs. Comput Commun 29(18):812–824
Sheyner OM (2004) Scenario graphs and attack graphs. Carnegie Mellon University
Ou X, Boyer WF, McQueen MA (2006) A scalable approach to attack graph generation. In: Proceedings of the 13th ACM conference on computer and communications security, pp 336–345
Ou X (2005) A logic-programming approach to network security analysis. Princeton University, Princeton
Noel S, Robertson E, Jajodia S (2004) Correlating intrusion events and building attack scenarios through attack graph distances. In: Proceedings of the 20th annual computer security applications conference, vol 12. Tucson, AZ, USA, pp 350–359
Swiler LP, Philips C, Gaylor T (1988) A graph-based network-vulnerability analysis system. Technical Report. SANDIA Report No. SAND 97-3010/1
Qin X, Lee W (2004) Attack plan recognition and prediction using causal networks. In: Proceedings of international conference on computer security applications, Atlanta, USA, pp 370–379
Acknowledgments
This paper is supported by the National Natural Science Foundation of China (60973027), the Specialized Research Fund for the Doctoral Program of Higher Education of China (20102304120012) and the Natural Science Foundation of Heilongjiang Province of China (F201037).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Wang, Y., Wang, H., Zhao, C., Zhang, Y., Yu, M. (2013). Research on Attack Graph Generation for Network Security Situation. In: Yin, Z., Pan, L., Fang, X. (eds) Proceedings of The Eighth International Conference on Bio-Inspired Computing: Theories and Applications (BIC-TA), 2013. Advances in Intelligent Systems and Computing, vol 212. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37502-6_134
Download citation
DOI: https://doi.org/10.1007/978-3-642-37502-6_134
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37501-9
Online ISBN: 978-3-642-37502-6
eBook Packages: EngineeringEngineering (R0)