An effective method to generate attack graph

Author

Zhang, Tao ; Hu, Ming-Zeng ; Li, Dong ; Sun, Liang

Author_Institution

Res. Center of Comput. Network & Inf. Security Technol., Harbin Inst. of Technol., China

Volume

7

fYear

2005

fDate

18-21 Aug. 2005

Firstpage

3926

Abstract

As the traditional method, the result of vulnerability scanning can´t directly reflect complex attack routes existing in network, so the attack graph is presented. After analyzing host computer, devices link relation and the characteristic of attack, the model of network security status was built. A forward-search, breadth-first and depth-limited (attack steps limited) algorithm is used to produce attack route, and the tools to generate the attack graph is implemented. The experiment validates the prototype of network attack graph generating tools, and contrasts our method to the other used.

Keywords

computer networks; data flow graphs; security of data; telecommunication network routing; telecommunication security; tree searching; attack graph generation; breadth-first algorithm; depth-limited algorithm; forward-search algorithm; network attack routes; network security; security analysis; vulnerability scanning; Computer hacking; Computer networks; Computer security; Databases; Electronic mail; High-speed networks; Information security; Protection; Prototypes; Sun; Network security; attack graph; attack route; security analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Machine Learning and Cybernetics, 2005. Proceedings of 2005 International Conference on

Conference_Location

Guangzhou, China

Print_ISBN

0-7803-9091-1

Type

conf

DOI

10.1109/ICMLC.2005.1527624

Filename

1527624