Title :
GP-AG: An efficient approach to network security analysis
Author :
Shunhong, Song ; Yuliang, Lu ; Heping, Tang ; Yang, Xia ; Huan, Yuan
Author_Institution :
Dept. of Network Eng., Electron. Eng. Inst., Hefei, China
Abstract :
Attack graphs can be applied to analyze network security, but there are two issues, namely scalability and loops. To solve these problems, we propose a new kind of attack graph named GP-AG, which is generated based on a greedy policy. The construction process of GP-AG falls into two phases: the first phase generates the main attack graph with a complete greedy policy, and the second phase generates all the sub attack graphs with an incomplete greedy policy. The entire attack graph is composed of the main attack graph and all the sub attack graphs. The experimental results indicate that GP-AG provides a novel solution to the problem of efficient attack graph representation and analysis, with fewer nodes and edges and without loops generated, and can help network administrators find the critical vulnerabilities and attack paths effectively.
Keywords :
computer network security; graph theory; GP-AG; attack graphs; greedy policy; loop; network security analysis; scalability; Access control; Concrete; Data security; Databases; Explosions; Microcomputers; Protection; SCADA systems; Scalability; Visualization
Conference_Title :
Computer Engineering and Technology (ICCET), 2010 2nd International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4244-6347-3
DOI :
10.1109/ICCET.2010.5485430