Abstract
Attack graph describes how an attacker can compromise with network security. To generate the attack graph, we required system as well as vulnerability information. The system information contains scanned data of a network, which is to be analyzed. The vulnerability data contain information about, how exploits can be generated due to multiple vulnerabilities and what effects can be of such exploitation. Multihost multistage vulnerability analysis (MulVAL) tool is used for generating attack graph in this work. MulVAL generated graphs are logical attack graphs based on logical programming and based on dependencies among attack goal and configuration information. The risk of network attack graph is measured through graph topology theoretic properties (connectivity, cycles, and depth), and analysis of possible attacks paths is carried out in this paper.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ou, X., Boyer, W., McQueen, M.: A Scalable Approach to Attack Graph Generation. ACM (2006)
Ingols, K., Lippmann, R., Piwowarsi, K.: Practical attack graph generation for network defense. In: 22nd Annual Conference on Computer Security Application, pp. 121–130 (2006)
Zhang, S., Caragea, D., Ou, X.: An Empirical Study on Using the National Vulnerability Database to Predict Software Vulnerabilities. Database and Expert Systems Applications, pp. 217–231. Springer, Berlin (2011)
Ou, X., Appel, A.W.: A logic-programming approach to network security analysis. USENIX Security (2005)
Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: 14th Usenix Security Symposium (2005)
Nessus security scanner. http://www.nessus.org
NIST, NVD. http://nvd.nist.gov/cvss.cfm
Noel, S., Jajodia, S.: Metrics suite for network attack graph analytics. In: Proceedings of the 9th Cyber and Information Security Research Conference. Oak Ridge National Laboratory, Tennessee (2014)
Wang, L., Islam, T., Long, T., Singhal, A.: An Attack Graph-Based Probabilistic Security Metric. Data and Applications Security, pp. 283–296. Springer, Berlin (2008)
Wang, L., Singhal, A., Jajodia, S.: Measuring the overall security of network configurations using attack graphs. Lecture Notes in Computer Science, vol. 4602, pp. 98–112. Springer, New York (2007)
Williams, L., Lippmann, R., Ingols, K.: GARNET—a graphical attack graph and reachability network evaluation tool. In: Proceedings of the 5th International Workshop. Springer, Cambridge (2008)
Common Vulnerability Scoring System (CVSS). http://www.first.org/cvss
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer India
About this paper
Cite this paper
Prasad, K., Kumar, S., Negi, A., Mahanti, A. (2016). Generation and Risk Analysis of Network Attack Graph. In: Das, S., Pal, T., Kar, S., Satapathy, S., Mandal, J. (eds) Proceedings of the 4th International Conference on Frontiers in Intelligent Computing: Theory and Applications (FICTA) 2015. Advances in Intelligent Systems and Computing, vol 404. Springer, New Delhi. https://doi.org/10.1007/978-81-322-2695-6_42
Download citation
DOI: https://doi.org/10.1007/978-81-322-2695-6_42
Published:
Publisher Name: Springer, New Delhi
Print ISBN: 978-81-322-2693-2
Online ISBN: 978-81-322-2695-6
eBook Packages: EngineeringEngineering (R0)