A Probability-Based Approach to Attack Graphs Generation

Author

Xie, Anming ; Zhang, Li ; Hu, Jianbin ; Chen, Zhong

Author_Institution

Sch. of Electron. Eng. & Comput. Sci., Peking Univ., Beijing, China

Volume

2

fYear

2009

fDate

22-24 May 2009

Firstpage

343

Lastpage

347

Abstract

Attack graphs are important tools for analyzing network security vulnerabilities. Recently, the generation method of attack graphs is a hot topic to the security researchers. As previous works encounter the scalability problem and inaccurate input information problem, we propose a novel method to automatic construction of attack graphs based on probability. After introducing prior-probability, match-probability,and transition-probability into attack graphs generation process, we develop a new attack model and relevant generation algorithms. Our method uses threshold and key states to control the scale of result attack graphs with important attack paths reserved. The following experiments show our approach could get meaningful results with less time and space, especially when one wants to get a few shortest attack paths quickly.

Keywords

computer networks; graph theory; probability; telecommunication security; attack graph generation; computer network security vulnerability analysis; match-probability; prior-probability; scalability problem; transition-probability; Computer networks; Computer science; Computer science education; Computer security; Data security; Educational technology; Electronic commerce; Information security; Scalability; Software tools;

fLanguage

English

Publisher

ieee

Conference_Titel

Electronic Commerce and Security, 2009. ISECS '09. Second International Symposium on

Conference_Location

Nanchang

Print_ISBN

978-0-7695-3643-9

Type

conf

DOI

10.1109/ISECS.2009.113

Filename

5209723