Title :
Scalable attack graph for risk assessment
Author :
Lee, Jehyun ; Lee, Heejo ; In, Hoh Peter
Author_Institution :
Div. of Comput. & Commun. Eng., Korea Univ., Seoul
Abstract :
The growth in the size of networks and the number of vulnerabilities is increasingly challenging to manage network security. Especially, difficult to manage are multi-step attacks which are attacks using one or more vulnerabilities as stepping stones. Attack graphs are widely used for analyzing multi-step attacks. However, since these graphs had large sizes, it was too expensive to work with. In this paper, we propose a mechanism to manage attack graphs using a divide and conquer approach. To enhance efficiency of risk analyzer working with attack graphs, we converted a large graph to multiple sub-graphs named risk units and provide the light-weighted graphs to the analyzers. As a result, when k order of time complexity algorithms work with an attack graph with n vertices, a division having c of overhead vertices reduces the workloads from nk to r(n + c)k. And the coefficient r becomes smaller geometrically from 2-k depended on their division rounds. By this workload reduction, risk assessment processes which work with large size attack graphs become more scalable and resource practical.
Keywords :
computational complexity; computer network management; risk management; security of data; telecommunication security; multistep attacks; network security management; overhead vertices; risk assessment; risk units; scalable attack graph; time complexity algorithms; Acceleration; Computer network management; Computer networks; Computer security; Content addressable storage; Engineering management; Protection; Risk analysis; Risk management; Scalability;
Conference_Titel :
Information Networking, 2009. ICOIN 2009. International Conference on
Conference_Location :
Chiang Mai
Print_ISBN :
978-89-960761-3-1
Electronic_ISBN :
978-89-960761-3-1
