Title :
An Approach for Network Security Analysis Using Logic Exploitation Graph
Author :
Han-dong Mao ; Wei-ming Zhang ; Chen Feng
Author_Institution :
Nat. Univ. of Defense Technol., Changsha
Abstract :
Recent work in network security has focused on the fact that combinations of exploits are the typical means by which an attacker breaks into a network. Researchers have proposed a variety of graph-based analysis approaches, and there is often a lack of logical formalism. This paper describes a new approach to represent and analyze network vulnerability. We propose the logical exploitation graph, which directly illustrates logical dependencies among exploitation goals and network configuration. Our logical exploitation graph generation tool builds upon LEG-NSA, a network security analyzer based on Prolog logical programming. We demonstrate how to reason about all exploitation paths using bottom-up and top-down evaluation algorithms in the Prolog logic-programming engine. We show experimental evidence that our logical exploitation graph generation algorithm is very efficient.
Keywords :
PROLOG; graph theory; logic programming; security of data; Prolog logical programming; bottom-up evaluation algorithms; graph-based analysis; logic exploitation graph; network security analysis; network vulnerability; top-down evaluation algorithms; Computer network management; Computer networks; Computer security; Engines; Information analysis; Information security; Information technology; Logic programming; Management information systems; National security;
Conference_Title :
Computer and Information Technology, 2007. CIT 2007. 7th IEEE International Conference on
Conference_Location :
Aizu-Wakamatsu, Fukushima
Print_ISBN :
978-0-7695-2983-7
DOI :
10.1109/CIT.2007.129