Attack Graph Generation, Visualization and Analysis: Issues and Challenges

  • Conference paper
Security in Computing and Communications (SSCC 2014)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 467)

Abstract

In the current scenario, even well-administered enterprise networks are extremely susceptible to sophisticated multi-stage cyber attacks. These attacks combine multiple network vulnerabilities and use the causal relationships between them to gain incremental access to critical enterprise resources. Detection of such multi-stage attacks is beyond the capability of present-day vulnerability scanners. These correlated “multi-host, multi-stage” attacks are potentially much more harmful than single-point, isolated attacks. Security researchers have proposed an attack graph-based approach to detect such correlated attack scenarios. An attack graph is a security analysis tool used extensively in networked environments to automate the process of evaluating a network’s susceptibility to “multi-host, multi-stage” attacks. In the last decade, a lot of research has been done in the area of attack graph generation, visualization and analysis. Despite significant progress, there are still issues and challenges before the security community that need to be addressed. In this paper, we have tried to identify current issues and important avenues of research in the area of attack graph generation, visualization and analysis.

Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Bopche, G.S., Mehtre, B.M. (2014). Attack Graph Generation, Visualization and Analysis: Issues and Challenges. In: Mauri, J.L., Thampi, S.M., Rawat, D.B., Jin, D. (eds) Security in Computing and Communications. SSCC 2014. Communications in Computer and Information Science, vol 467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44966-0_37

  • DOI: https://doi.org/10.1007/978-3-662-44966-0_37

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-44965-3

  • Online ISBN: 978-3-662-44966-0

  • eBook Packages: Computer Science (R0)
