  • DocumentCode
    1633575
  • Title
    Automated generation and analysis of attack graphs
  • Author
    Sheyner, Oleg ; Haines, Joshua ; Jha, Somesh ; Lippmann, R. ; Wing, Jeannette M.
  • Author_Institution
    Dept. of Comput. Sci., Carnegie Mellon Univ., Pittsburgh, PA, USA
  • fYear
    2002
  • fDate
    6/24/1905 12:00:00 AM
  • Firstpage
    273
  • Lastpage
    284
  • Abstract
    An integral part of modeling the global view of network security is constructing attack graphs. Manual attack graph construction is tedious, error-prone, and impractical for attack graphs larger than a hundred nodes. In this paper we present an automated technique for generating and analyzing attack graphs. We base our technique on symbolic model checking algorithms, letting us construct attack graphs automatically and efficiently. We also describe two analyses to help decide which attacks would be most cost-effective to guard against. We implemented our technique in a tool suite and tested it on a small network example, which includes models of a firewall and an intrusion detection system.
  • Keywords
    authorisation; computer network management; telecommunication security; automated attack graph analysis; automated attack graph generation; firewall; intrusion detection system; network security; symbolic model checking algorithms; Privacy; Security
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Security and Privacy, 2002. Proceedings. 2002 IEEE Symposium on
  • ISSN
    1081-6011
  • Print_ISBN
    0-7695-1543-6
  • Type
    conf
  • DOI
    10.1109/SECPRI.2002.1004377
  • Filename
    1004377