Building compact exploitation graphs for a cluster computing environment

In this paper, a modeling process is described to address challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are combined to create exploitation graphs (e-graphs), which are used to represent attack scenarios. The modeling process consists of three primary steps. The first step is the creation of a knowledge base of known system vulnerabilities. These vulnerabilities are represented using preconditions and postconditions. A template is used to represent preconditions and postconditions, and vulnerabilities are encoded using a predefined set of attributes. The second step involves the association of multiple vulnerabilities to create an e-graph specific to the system being modeled. The third step of this process involves the development of abstraction techniques that can be used to simplify exploitation graphs. A novel abstraction technique is proposed based on host connection similarity and exploitation similarity. These techniques have been applied into a high-performance cluster computing environment to show that they facilitate a compact representation of attack scenarios and provide in-depth vulnerability assessments.