A Method for Global Attack Graph Generation

Author

Man, Dapeng ; Zhang, Bing ; Yang, Wu ; Jin, Wenjin ; Yang, Yongtian

Author_Institution

Harbin Eng. Univ., Harbin

fYear

2008

fDate

6-8 April 2008

Firstpage

236

Lastpage

241

Abstract

Existing attack graph generation methods can only generate attack graphs for the single target, and the scale of the generated graphs is too large. To solve these problems, a global attack graph generation method is proposed on the basis of breadth-first search algorithm. The strategies that limit attack steps and success probability of attack paths are adopted to reduce the scale of the attack graph. The experimental results indicate that using the graph which is generated by this method can analyze network vulnerabilities from the global angle. In addition, this method is validated that it is effective to remove the redundancy edges and nodes of the attack graph, consequently reduces the scale of the attack graph.

Keywords

graph theory; security of data; breadth-first search algorithm; global angle; global attack graph generation; network security; network vulnerabilities; Analytical models; Authorization; Computer networks; Electronic mail; Explosions; Information security; Large-scale systems; National security; Research and development; Attack graph; Network security; Security Evaluation; Vulnerability analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Networking, Sensing and Control, 2008. ICNSC 2008. IEEE International Conference on

Conference_Location

Sanya

Print_ISBN

978-1-4244-1685-1

Electronic_ISBN

978-1-4244-1686-8

Type

conf

DOI

10.1109/ICNSC.2008.4525217

Filename

4525217