Automatic Generation of Host-Based Network Attack Graph

Author

Zhong, Shangqin ; Yan, Danfeng ; Liu, Chen

Author_Institution

State Key Lab. of Networking & Switching Technol., Beijing Univ. of Post & Telecommun., Beijing, China

Volume

1

fYear

2009

fDate

March 31 2009-April 2 2009

Firstpage

93

Lastpage

98

Abstract

Attack graph plays an important role in network security, as it directly shows the existence of vulnerabilities in network and how attackers use these vulnerabilities to implement an effective attack, the analysis on the attack graph or the simulation of dynamic attacks through attack graph can help us easily find out the vulnerabilities in network, and take corresponding security measures, in order to strengthen network security. Previous attack graph generation methods are generally not suitable for large network, because of their high complexity of time, high consumption of space, and the large scale of attack graphs. Based on substantive analysis of the vulnerabilities in network, this paper describes a model for automatically generating and analyzing network attack graph. Besides, a prototype system bases on this model has been designed. At last, this prototype system was tested by a model network we built, and it was proved to be simple, flexible, and efficient.

Keywords

computational complexity; graph theory; telecommunication security; automatic host-based network attack graph generation; dynamic attack simulation; network model; network security; network vulnerability; prototype system testing; security measure; time complexity; Computer networks; Computer science; Computer security; Information analysis; Laboratories; Large-scale systems; Libraries; NIST; Prototypes; Telecommunication switching;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Science and Information Engineering, 2009 WRI World Congress on

Conference_Location

Los Angeles, CA

Print_ISBN

978-0-7695-3507-4

Type

conf

DOI

10.1109/CSIE.2009.102

Filename

5171141