Wenhui Hu,Long Zhang,Xueyang Liu,Yu Huang,Minghui Zhang,Liang Xing

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids49724.2020.00033

2020-01-01

Abstract:In view of the problem that the overall security of the network is difficult to evaluate quantitatively, we propose the edge authority attack graph model, which aims to make up for the traditional dependence attack graph to describe the relationship between vulnerability behaviors. This paper proposed a network security metrics based on probability, and proposes a network vulnerability algorithm based on vulnerability exploit probability and attack target asset value. Finally, a network security reinforcement algorithm with network vulnerability index as the optimization target is proposed based on this metric algorithm.

Jinwei Yang,Yu Yang,Lu Zheng,Ruixia Cheng,Shengnan Lin

DOI: https://doi.org/10.1088/1742-6596/2310/1/012071

2022-10-11

Journal of Physics: Conference Series

Abstract:Network security situation awareness (NSSA) can analyze current network status and predict trends. Intrusion detection systems are used as sources of security factor in situational awareness, and their accuracy affects the assessment of network security. The attack graph can filter out key nodes and enumerate possible attack paths, which has become the main method of risk assessment. Therefore, a network security situation assessment technology based on intrusion detection was proposed. The detection rate of the intrusion detection system was improved firstly, and then the attack graph was combined with the hidden Markov model (HMM) for network security assessment. The experimental results show that this method can effectively speculate the attack intention and reflect the results intuitively and roundly.

Yonggang Wang,Yi Miao,Yang Yang,Zhong Chen,Jianbin Hu

2009-01-01

China Communications

Abstract:With the development of computer networks, the attacks with respect to them are increasing explosively. It is a very important problem for security testers to test the security situation of a specific network (i.e., to use a method to model all the possible attacks within the environment). Of all the modeling methods, the Network Attack Graph is widely used because of its Visual Intuition. Under this circumstance, this paper firstly introduces the construction methods of the Network Attack Graph, then describes its application in the network security, and lastly previews some research directions of the Network Attack Graph.

Yunpeng Li,Xi Li

DOI: https://doi.org/10.1155/2021/9921731

2021-05-07

Scientific Programming

Abstract:With the rapid development of the Internet, network attacks often occur, and network security is widely concerned. Searching for practical security risk assessment methods is a research hotspot in the field of network security. Network attack graph model is an active detection technology for the attack path. From the perspective of the attacker, it simulated the whole network attack scenario and then presented the dependency among the vulnerabilities in the target network in the way of directed graph. It is an effective tool for analyzing network vulnerability. This paper describes in detail the common methods and tools of network security assessment and analyzes the construction of theoretical model of attack graph, the optimization technology of attack graph, and the research status of qualitative and quantitative analysis technology of attack graph in network security assessment. The attack graph generated in the face of large-scale network is too complex to find the key vulnerability nodes accurately and quickly. Optimizing the attack graph and solving the key attack set can help the security manager better understand the security state of the nodes in the network system, so as to strengthen the security defense ability and guarantee the security of the network system. For all kinds of loop phenomena of directed attribute attack graph, the general method of eliminating loop is given to get an acyclic attack graph. On the basis of acyclic attack graph, an optimization algorithm based on path complexity is proposed, which takes atomic attack distance and atomic weight into consideration, and on the basis of simplified attack graph, minimum-cost security reinforcement is carried out for the network environment. Based on the ant colony algorithm, the adaptive updating principle of changing pheromone and the local searching strategy of the adaptive genetic algorithm are proposed to improve the ant colony algorithm. The experimental results show that compared with the ant colony algorithm, the improved ant colony algorithm can speed up the process of solving the optimal solution. When the number of attack paths is large, the advantages of the improved ant colony algorithm in solving accuracy and late search speed are more obvious, and it is more suitable for large-scale networks.

computer science, software engineering

Anmin Xie,Cong Tang,Nike Gui,Zhuhua Cai,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ICC.2010.5502655

2010-01-01

Abstract:To protect our networks against malicious intrusions, we need to evaluate these networks security. Previous works on attack graphs have provided meaningful conclusions on security measurement. However, large attack graphs are still hard to be understood vividly, and few suggestions have been proposed to prevent inside malicious attackers from attacking networks. To address these problems, we propose a novel approach to evaluate network security based on adjacency matrixes, which are constructed from existing attack graphs. With our model, we use gray scale images to show overall security vividly, and get quantitative evaluation scores. Moreover, we create a prioritized list of potential threatening hosts, which can help network administrators to harden network step by step. Analysis on computation cost shows that the upper bound computation cost of our measurement methodology is O(N3), which could be completed in real time. We also give an example to show how to put our methods in practice.

Anming Xie,Zhuhua Cai,Cong Tang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ACSAC.2009.22

2009-01-01

Abstract:Attack graphs play important roles in analyzing network security vulnerabilities, and previous works have provided meaningful conclusions on the generation and security measurement of attack graphs. However, it is still hard for us to understand attack graphs in a large network, and few suggestions have been proposed to prevent inside malicious attackers from attacking networks. To address these problems, we propose a novel approach to generate and describe attack graphs. Firstly, we construct a two-layer attack graph, where the upper layer is a hosts access graph and the lower layer is composed of some host-pair attack graphs. Compared with previous works, our attack graph has simpler structures, and reaches the best upper bound of computation cost in O(N2). Furthermore, we introduce the adjacency matrix to efficiently evaluate network security, with overall evaluation results presented by gray scale images vividly. Thirdly, by applying prospective damage and important weight factors on key hosts with crucial resources, we can create prioritized lists of potential threatening hosts and stepping stones, both of which can help network administrators to harden network security. Analysis on computation cost shows that the upper bound computation cost of our measurement methodology is O(N3), which could also be completed in real time. Finally, we give some examples to show how to put our methods in practice.

Yukun Zheng,Kun Lv,Changzhen Hu

DOI: https://doi.org/10.1007/978-3-319-64701-2_25

2017-01-01

Abstract:With the rapid development of network, network security issues become increasingly important. It is a tough challenge to evaluate the network security due to the increasing vulnerabilities. In this paper, we propose a quantitative method for evaluating network security based on attack graph. We quantify the importance of nodes and the maximum reachable probability of nodes, and construct a security evaluation function to calculate the security risk score. Our approach focuses on the attacker's view and considers the most important factors that may affect the network security. The parameters we use are easily to be acquired in any network. Thus, the assessment score gotten through the evaluation function can comprehensively reflect the security level. According to the security risk value, security professionals can take appropriate countermeasures to harden the network. Experimental results prove that this model solves the security evaluation problem efficiently.

Xiaochun Xiao,Tiange Zhang,Gendu Zhang

DOI: https://doi.org/10.1109/paciia.2008.183

2008-01-01

Abstract:Protecting computer network security is critical today. Many graph-based approaches have been proposed to analyze network vulnerabilities. Attack Graph is the most influential one. But attack graphs grow exponentially with the size of the network. In this paper, we propose a comprehensive framework for network vulnerabilities modeling and analysis based on the access graph. As a complement to the attack graph approach, the access graph is host-centric approach, which grows polynomially with the number of hosts and so has the benefit of being computationally feasible on large networks. Compared with related works, our approach improves in both performance and computational cost.

Anming Xie,Guodong Chen,Yonggang Wang,Zhong Chen,Jianbin Hu

2009-01-01

Abstract:To address the scalability problem in attack graphs generation, we propose a novel method to generate attack graphs automatically. Our approach constructs a two- tier attack graph framework, which includes a host access graph and some sub-attack graphs .A sub-attack graph describes concrete attack scenarios from one source host to one target host, while the host access graph describes the attacker's privilege transition among hosts. Our sub-attack graphs and host access graph have remarkable smaller scales and can help network administrators to find the key hosts in attack sequences. Analysis shows that the upper bound computational cost of our model is O(N 3 ), which could also be competed in real time. The following experiment validates our approach. Keywords-network security; attack graphs; host access graph; sub-attack graph; I. INTRODUCTION

Baojun Zhang,Kuijun Lu,Xuezeng Pan,Wu, Zhaohui

DOI: https://doi.org/10.1109/cise.2009.5365235

2009-01-01

Abstract:General network attack graph has a large state space. It affects the efficiency of network attack graph generation greatly. In order to solve this problem, a reverse search based network attack graph generation method is proposed. It starts from the target hosts that the goal of attackers, by analyzing the vulnerabilities and connectivity of them, finds all the middleman hosts, then repeats the search process until the hosts hold by the attackers are reached. In this way, numbers of attack chains are got, and they construct the attack graph. The method focuses on the handful of main targets and cuts down large number of unnecessary network states. By this way, the attack graph is generated quickly and effectively.

Jianping Zeng,Shuang Wu,Yanyu Chen,Rui Zeng,Chengrong Wu

DOI: https://doi.org/10.1155/2019/2031063

2019-01-01

Abstract:AbstractAttack graph can simulate the possible paths used by attackers to invade the network. By using the attack graph, the administrator can evaluate the security of the network and analyze and predict the behavior of the attacker. Although there are many research studies on attack graph, there is no systematic survey for the related analysis methods. This paper firstly introduces the basic concepts, generation methods, and computing tasks of the attack graph, and then, several kinds of analysis methods of attack graph, namely, graph-based method, Bayesian network-based method, Markov model-based method, cost optimization method, and uncertainty analysis method, are described in detail. Finally, comparative study of the methods and future work are provided. We believe that this work would help the research community to understand the attack graph analysis method systematically.

Anming Xie,Weiping Wen,Li Zhang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/MINES.2009.136

2009-01-01

Abstract:Since attack graphs provide practical attack context and relationships among vulnerabilities, researchers have been trying to evaluate network security based on attack graphs. However, previous works focus their attention on specific evaluations they concerned, and each does things in his own way. There is no explicit way telling network administrators how to measure network security in a general way. In this paper, we propose a new metric framework, whose main goal is to guide people to perform evaluations based on attack graphs. The main components of proposed metric framework include security index, target of evaluation, elementary attribute, composition algorithm, and arithmetic operators. Relative definitions and analysis of these five components are also given. The following examples show the applications of our metric framework, and validate it.

Rahul Chandran,Wei Q. Yan

DOI: https://doi.org/10.4018/ijdcf.2014010103

2014-01-01

International Journal of Digital Crime and Forensics

Abstract:The development of technology in computer networks has boosted the percentage of cyber-attacks today. Hackers are now able to penetrate even the strongest IDS and firewalls. With the help of anti-forensic techniques, attackers defend themselves, from being tracked by destroying and distorting evidences. To detect and prevent network attacks, the main modus of operandi in network forensics is the successful implementation and analysis of attack graph from gathered evidences. This paper conveys the main concepts of attack graphs, requirements for modeling and implementation of graphs. It also contributes the aspect of incorporation of anti-forensic techniques in attack graph which will help in analysis of the diverse possibilities of attack path deviations and thus aids in recommendation of various defense strategies for better security. To the best of our knowledge, this is the first time network anti-forensics has been fully discussed and the attack graphs are employed to analyze the network attacks. The experimental analysis of anti-forensic techniques using attack graphs were conducted in the proposed test-bed which helped to evaluate the model proposed and suggests preventive measures for the improvement of security of the networks.

Xiaochun Xiao,Tiange Zhang,Huan Wang,Gendu Zhang

DOI: https://doi.org/10.1109/fitme.2008.123

2008-01-01

Abstract:Going beyond vulnerability scanning tools that make lists of known vulnerabilities locating on given individual hosts, attack graphs identify all possible attack paths that end in a state where an attacker has successfully achieved his goal. But the algorithmic complexity grows exponential in the size of the network. The access graph is proposed as a complement to the attack graph approach which is host-centric and grows polynomially with the number of hosts and so has the benefit of being computationally feasible on large networks. In this paper, we propose a novel component-centric access graph. Based on the modeling substrates for network, hosts, vulnerabilities and the component-centric access graph, the access graph generation algorithm and a number of ways the security administrator can use the resulting access graph to help secure the network are discussed. Compared with related works, our approach improves the performance and further reduces the computational cost.

LI Jia-rui,LING Xiao-bo,LI Chen-xi,LI Zi-mu,YANG Jia-hai,ZHANG Lei,WU Cheng-nan

DOI: https://doi.org/10.11896/jsjkx.210800107

2022-01-01

Computer Science

Abstract:In order to overcome the difficulties that current attack graph model cannot reflect real-time network attack events,a method is proposed including a forward risk probability update algorithm and a forward-backward combined risk probability update algorithm,which meets the needs of real-time analyzing network security.It first performs specific quantitative analysis on the uncertainty of each node in the graph,and uses Bayesian networks to calculate their static probabilities.After that,it updates the dynamic probability of each node along the forward and backward paths according to the real-time network security events,instantly reflecting the changes of external conditions and assessing real-time risk levels across the network.Experimental results show that the method can calibrate and adjust the risk probability of each node according to the actual situation,which helps the network operator correctly understand the dangerous levels of the network and make better decision for defense and prevention of the next attack.

Xiaochun Xiao,Tiange Zhang,Gendu Zhang

DOI: https://doi.org/10.1109/sectech.2008.18

2008-01-01

Abstract:Currently, the risk analysis for network Information system has experienced a stage from rule-based questionnaire investigation to model-based assessment. Many graph-based models have been proposed and applied to risk analysis. Attack Graph is widely used one. But attack graphs grow exponentially with the size of the network. In this paper, we propose a comprehensive framework for network vulnerabilities modeling and risk analysis based on the access graph. As a complement to the attack graph approach, the access graph is host-centric approach, which grows polynomially with the number of hosts and so has the benefit of being computationally feasible on large networks. Compared with related works, our approach improves in both performance and computational cost.

Anming Xie,Li Zhang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ISECS.2009.113

2009-01-01

Abstract:Attack graphs are important tools for analyzing network security vulnerabilities. Recently, the generation method of attack graphs is a hot topic to the security researchers. As previous works encounter the scalability problem and inaccurate input information problem, we propose a novel method to automatic construction of attack graphs based on probability. After introducing prior-probability, match-probability,and transition-probability into attack graphs generation process, we develop a new attack model and relevant generation algorithms. Our method uses threshold and key states to control the scale of result attack graphs with important attack paths reserved. The following experiments show our approach could get meaningful results with less time and space, especially when one wants to get a few shortest attack paths quickly.

Hongbin Gao,Shangxing Wang,Hongbin Zhang,Bin Liu,Dongmei Zhao,Zhen Liu

DOI: https://doi.org/10.1109/nana56854.2022.00102

2022-01-01

Abstract:This paper has a new network security evaluation method as an absorbing Markov chain-based assessment method. This method is different from other network security situation assessment methods based on graph theory. It effectively refinement issues such as poor objectivity of other methods, incomplete consideration of evaluation factors, and mismatching of evaluation results with the actual situation of the network. Firstly, this method collects the security elements in the network. Then, using graph theory combined with absorbing Markov chain, the threat values of vulnerable nodes are calculated and sorted. Finally, the maximum possible attack path is obtained by blending network asset information to determine the current network security status. The experimental results prove that the method fully considers the vulnerability and threat node ranking and the specific case of system network assets, which makes the evaluation result close to the actual network situation.

Anming Xie,Guodong Chen,Yonggang Wang,Zhong Chen,Jianbin Hu

DOI: https://doi.org/10.1109/SSIRI.2009.32

2009-01-01

Abstract:To address the scalability problem in attack graphs generation, we propose a novel method to generate attack graphs automatically. Our approach constructs a two- tier attack graph framework, which includes a host access graph and some sub-attack graphs. A sub-attack graph describes concrete attack scenarios from one source host to one target host, while the host access graph describes the attacker's privilege transition among hosts. Our sub-attack graphs and host access graph have remarkable smaller scales and can help network administrators to find the key hosts in attack sequences. Analysis shows that the upper bound computational cost of our model is O(N3), which could also be competed in real time. The following experiment validates our approach.

Zhaocui Li,Huichuan Liu,Chunyan Wu

DOI: https://doi.org/10.1080/23742917.2022.2120293

2022-09-10

Journal of Cyber Security Technology

Abstract:The traditional security detection and defense methods are relatively backward, and there are many problems, such as high false alarm and missed alarm rate, and detection lag, which have been difficult to meet the requirements of computer security defense. In order to strengthen the active defense of computer network security and improve the classification and prediction performance of computer network security events, a computer network security risk assessment model based on mrmr Ig feature selection model and attack graph model is proposed. The mrmr Ig feature selection model is used to classify the characteristics of security events, and the hidden Markov chain model and attack graph model are used to predict the attack intention. The experimental results show that the classification accuracy rate of the model is 99.79%, the false alarm rate and the false alarm rate are 0.11% and 0.18%, respectively. The model can accurately predict attacks in real time, and can provide reference for timely taking targeted computer network security reinforcement and active defense measures.