Title :
Research of Network Vulnerability Analysis Based on Attack Capability Transfer
Author :
Wang, Yong ; Yun, Xiaochun ; Zhang, Yongzheng ; Jin, Shuyuan ; Qiao, YanChen
Author_Institution :
Inst. of Comput. Technol., Grad. Univ. of Chinese Acad. of Sci., Beijing, China
Abstract :
Network vulnerability analysis is one of the important techniques for protecting network security. Modeling and classification of network vulnerabilities are introduced first; then the concept of attack capability transfer and the algorithm to produce it are presented, which can aggregate vulnerabilities that have the same exploitation attributes and satisfy some constraints, simplifying further analysis. Based on attack capability transfer, a new method for constructing an attack graph is presented, with complexity O(N^2), where N is the number of hosts in a network. Through analysis of the attack graph, quantitative network vulnerability analysis is performed, and a security hardening method based on an approximate greedy algorithm is presented, the complexity of which is O(V), where V is the number of vulnerabilities in a network. The experiment shows the effectiveness of the method.
Keywords :
computational complexity; computer network security; graph theory; greedy algorithms; O(N^2) complexity; O(V) complexity; approximate greedy algorithm; attack capability transfer; attack graph; network security; network vulnerability analysis; network vulnerability quantitative analysis; security hardening method; Analytical models; Complexity theory; Databases; Electronic mail; Security; Servers; Silicon; Attack Capability Transfer; Attack Graph; Network Security Hardening; Network Vulnerability Modeling; Vulnerability;
Conference_Title :
Computer and Information Technology (CIT), 2012 IEEE 12th International Conference on
Conference_Location :
Chengdu
Print_ISBN :
978-1-4673-4873-7
DOI :
10.1109/CIT.2012.32