Title :
Compressing Attack Graphs Through Reference Encoding
Author :
Cheng, Pengsu ; Wang, Lingyu ; Long, Tao
Author_Institution :
Concordia Inst. for Inf. Syst. Eng., Concordia Univ., Montreal, QC, Canada
Date :
June 29 2010-July 1 2010
Abstract :
As a widely accepted model of multi-step network intrusions, attack graph has been applied to topological vulnerability analysis, network hardening, alert correlation, security metrics, and so on. A major challenge faced by attack graphs is the scalability: Even the attack graph of a moderate-sized network is typically incomprehensible to the human eyes, whereas that of large enterprise networks usually has an unmanageable size. Such a complexity, however, is not entirely unavoidable. In this paper, we shall show that an attack graph may contain much redundancy due to the similarity between different hosts' configurations. We then present a novel representation of attack graphs based on reference encoding. Specifically, subnets of hosts with similar configurations are represented using reference hosts while textual rules are employed to describe minor differences. The compression process is lossless and the resultant attack graph can directly provide useful insights. The effectiveness of the proposed model is illustrated through a case study and simulation results.
Keywords :
computer network reliability; computer network security; encoding; graph theory; compressing attack graphs; large enterprise networks; moderate-sized network; multistep network intrusion model; reference encoding; security metrics; topological vulnerability analysis; Computational modeling; Encoding; Generators; Measurement; Redundancy; Simulation; Topology; Attack graph; network security; vulnerability analysis;
Conference_Title :
Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on
Conference_Location :
Bradford
Print_ISBN :
978-1-4244-7547-6
DOI :
10.1109/CIT.2010.188