DocumentCode
1804441
Title
Approach to attack path generation based on vulnerability correlation
Author
Yu, Xiaohong ; Jiang, Jianhui ; Shuai, Chunyan
Author_Institution
Department of Computer Science and Technology, Tongji University, Shanghai 201804, China
fYear
2013
fDate
1-8 Jan. 2013
Firstpage
1
Lastpage
6
Abstract
Network attack path analysis is an important method for analyzing the security status of a computer network; it can automatically analyze the correlation between network vulnerabilities and the potential threats resulting from them. It plays a guiding role in establishing network security policy. This paper chooses NVD and Bugtraq as vulnerability data sources and extracts the key properties required to build a vulnerability database that mainly contains privilege escalation vulnerabilities in Linux systems and common server software. An association analysis of vulnerabilities and related information is performed, and properties are abstracted to construct atomic attacks and a corresponding atomic attack database. A network attack model is constructed from network connections and host configuration. By matching atomic attacks in the attack database, the paper adopts a state comparison algorithm to mine potential attack paths that may lead to specified attack goals. The experiment verifies that the proposed approach can effectively reduce the number of attack states and mine all non-redundant attack paths.
Keywords
Buffer overflows; Complexity theory; Correlation; Databases; Linux; Security; Software; atomic attack; attack path generation; network attack; network vulnerability; vulnerability correlation;
fLanguage
English
Publisher
IEEE
Conference_Titel
Conference Anthology, IEEE
Conference_Location
China
Type
conf
DOI
10.1109/ANTHOLOGY.2013.6784925
Filename
6784925