Title :
A Probability-Based Approach to Attack Graphs Generation
Author :
Xie, Anming ; Zhang, Li ; Hu, Jianbin ; Chen, Zhong
Author_Institution :
Sch. of Electron. Eng. & Comput. Sci., Peking Univ., Beijing, China
Abstract :
Attack graphs are important tools for analyzing network security vulnerabilities. Recently, the generation method of attack graphs is a hot topic to the security researchers. As previous works encounter the scalability problem and inaccurate input information problem, we propose a novel method to automatic construction of attack graphs based on probability. After introducing prior-probability, match-probability,and transition-probability into attack graphs generation process, we develop a new attack model and relevant generation algorithms. Our method uses threshold and key states to control the scale of result attack graphs with important attack paths reserved. The following experiments show our approach could get meaningful results with less time and space, especially when one wants to get a few shortest attack paths quickly.
Keywords :
computer networks; graph theory; probability; telecommunication security; attack graph generation; computer network security vulnerability analysis; match-probability; prior-probability; scalability problem; transition-probability; Computer networks; Computer science; Computer science education; Computer security; Data security; Educational technology; Electronic commerce; Information security; Scalability; Software tools;
Conference_Titel :
Electronic Commerce and Security, 2009. ISECS '09. Second International Symposium on
Conference_Location :
Nanchang
Print_ISBN :
978-0-7695-3643-9
DOI :
10.1109/ISECS.2009.113
