Title :
Attack Grammar: A New Approach to Modeling and Analyzing Network Attack Sequences
Author :
Zhang, Yinqian ; Fan, Xun ; Wang, Yijun ; Xue, Zhi
Author_Institution :
Sch. of Inf. Security Eng., Shanghai Jiao Tong Univ., Shanghai
Abstract :
Attack graphs have been used to show multiple attack paths in large-scale networks. They have proved to be useful utilities for network hardening and penetration testing. However, the basic concept of using graphs to represent attack paths has limitations. In this paper, we propose a new approach, the attack grammar, to model and analyze network attack sequences. Attack grammars are superior in the following areas: First, attack grammars express the interdependency of vulnerabilities better than attack graphs. They are especially suitable for IDS alert correlation. Second, the attack grammar can serve as a compact representation of attack graphs and can be converted to the latter easily. Third, the attack grammar is a context-free grammar. Its logical formality makes it easier to comprehend and analyze. Finally, the algorithmic complexity of our attack grammar approach is quartic with respect to the number of host clusters, and analyses based on the attack grammar have a run time linear in the length of the grammar, which is quadratic in the number of host clusters.
Keywords :
context-free grammars; graph theory; security of data; attack grammar; context-free grammar; host clusters; large scale networks; network attack sequences; penetration testing; Application software; Clustering algorithms; Computer security; Data mining; Information analysis; Information security; Intrusion detection; Large-scale systems; Testing; Visualization; Attack grammars; IDS alerts correlation; attack graphs; attack sequence analysis; network attack modeling;
Conference_Title :
Computer Security Applications Conference, 2008. ACSAC 2008. Annual
Conference_Location :
Anaheim, CA
Print_ISBN :
978-0-7695-3447-3
DOI :
10.1109/ACSAC.2008.34