An Approach for Network Security Analysis Using Logic Exploitation Graph

Author

Han-dong Mao ; Wei-ming Zhang ; Chen Feng

Author_Institution

Nat. Univ. of Defense Technol., Changsha

fYear

2007

fDate

16-19 Oct. 2007

Firstpage

761

Lastpage

766

Abstract

Recent work in network security has focused on the fact that combinations of exploits are the typical means by which an attacker breaks into a network. Researchers have proposed a variety of graph-based analysis approach, and there is often a lack of logical formalism. This paper describes a new approach to represent and analyze network vulnerability. We propose logical exploitation graph, which directly illustrate logical dependencies among exploitation goals and network configure. Our logical exploitation graph generation tool builds upon LEG-NSA, a network security analyzer based on Prolog logical programming. We demonstrate how to reason all exploitation paths using bottom-up and top-down evaluation algorithms in the Prolog logic- programming engine. We show experimental evidence that our logical exploitation graph generation algorithm is very efficient.

Keywords

PROLOG; graph theory; logic programming; security of data; Prolog logical programming; bottom-up evaluation algorithms; graph-based analysis; logic exploitation graph; network security analysis; network vulnerability; top-down evaluation algorithms; Computer network management; Computer networks; Computer security; Engines; Information analysis; Information security; Information technology; Logic programming; Management information systems; National security;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer and Information Technology, 2007. CIT 2007. 7th IEEE International Conference on

Conference_Location

Aizu-Wakamatsu, Fukushima

Print_ISBN

978-0-7695-2983-7

Type

conf

DOI

10.1109/CIT.2007.129

Filename

4385177