Abstract
In the current scenario, even well-administered enterprise networks are extremely susceptible to sophisticated multi-stage cyber attacks. These attacks combine multiple network vulnerabilities and use the causal relationships between them to gain incremental access to critical enterprise resources. Detecting such multi-stage attacks is beyond the capability of present-day vulnerability scanners. These correlated “multi-host, multi-stage” attacks are potentially much more harmful than single-point, isolated attacks. Security researchers have proposed an attack graph-based approach to detect such correlated attack scenarios. An attack graph is a security analysis tool used extensively in networked environments to automate the process of evaluating a network’s susceptibility to “multi-host, multi-stage” attacks. In the last decade, a lot of research has been done in the area of attack graph generation, visualization and analysis. Despite significant progress, there are still issues and challenges before the security community that need to be addressed. In this paper, we have tried to identify current issues and important avenues of research in the area of attack graph generation, visualization and analysis.
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bopche, G.S., Mehtre, B.M. (2014). Attack Graph Generation, Visualization and Analysis: Issues and Challenges. In: Mauri, J.L., Thampi, S.M., Rawat, D.B., Jin, D. (eds) Security in Computing and Communications. SSCC 2014. Communications in Computer and Information Science, vol 467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44966-0_37
DOI: https://doi.org/10.1007/978-3-662-44966-0_37
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44965-3
Online ISBN: 978-3-662-44966-0
eBook Packages: Computer Science, Computer Science (R0)