Xiaochun Xiao,Tiange Zhang,Huan Wang,Gendu Zhang

DOI: https://doi.org/10.1109/fitme.2008.123

2008-01-01

Abstract:Going beyond vulnerability scanning tools that make lists of known vulnerabilities locating on given individual hosts, attack graphs identify all possible attack paths that end in a state where an attacker has successfully achieved his goal. But the algorithmic complexity grows exponential in the size of the network. The access graph is proposed as a complement to the attack graph approach which is host-centric and grows polynomially with the number of hosts and so has the benefit of being computationally feasible on large networks. In this paper, we propose a novel component-centric access graph. Based on the modeling substrates for network, hosts, vulnerabilities and the component-centric access graph, the access graph generation algorithm and a number of ways the security administrator can use the resulting access graph to help secure the network are discussed. Compared with related works, our approach improves the performance and further reduces the computational cost.

Xiaochun Mao,Tiange Zhang,Gendu Zhang

DOI: https://doi.org/10.1109/cis.2008.68

2008-01-01

Abstract:In order to assess the security of network information system, many graph-based approaches have been proposed. Attack Graph is the most influential one. But attack graphs grow exponentially with the size of the network. In this paper, we propose an improved access graph based model to analyze network security. As a complement to the attack graph approach, the access graph is host-centric approach, which grows polynomially with the number of hosts and so has the benefit of being computationally feasible on large networks. Compared with the related works, our approach improves in both performance and computational cost.

Xiaochun Xiao,Tiange Zhang,Gendu Zhang

DOI: https://doi.org/10.1109/sectech.2008.18

2008-01-01

Abstract:Currently, the risk analysis for network Information system has experienced a stage from rule-based questionnaire investigation to model-based assessment. Many graph-based models have been proposed and applied to risk analysis. Attack Graph is widely used one. But attack graphs grow exponentially with the size of the network. In this paper, we propose a comprehensive framework for network vulnerabilities modeling and risk analysis based on the access graph. As a complement to the attack graph approach, the access graph is host-centric approach, which grows polynomially with the number of hosts and so has the benefit of being computationally feasible on large networks. Compared with related works, our approach improves in both performance and computational cost.

Xiaochun Xiao,Huan Wang,Gendu Zhang

DOI: https://doi.org/10.1109/fcst.2008.26

2008-01-01

Abstract:The risk assessment for network information system has experienced a stage from rule-based questionnaire investigation to model-based assessment. Many graph-based models have been proposed and applied to risk assessment. Attack Graph is widely used one. But attack graphs grow exponentially with the size of the network. In this paper, we propose a comprehensive framework for network vulnerabilities modeling and risk assessment by policy rules violations based on the access graph. As a complement to the attack graph approach, the access graph grows polynomially with the number of hosts and so has the benefit of scaling better to more practical, realistic size networks. This paper presents a novel risk assessment model for network information system based access graph. Compared with related works, our approach improves the performance and reduces the computational cost.

Zhiming Liu,Sheng Li,Jin He,Di Xie,Zhantao Deng

DOI: https://doi.org/10.1109/imccc.2012.50

2012-01-01

Abstract:Today's computer systems face lots of challenges in the fast rate of emerging security problems. To accurately assess the security of computer network systems, one must understand how vulnerabilities can be combined to stage an attack. Attack graphs are important tools for analyzing security vulnerabilities in enterprise networks. However, the complexity of traditional method for generating attack graphs increases dramatically as the network size grows. To solve this problem, the efficiency of attack graph generation method must be improved. Based on the analysis of generation approaches to attack graphs, an attack graph generation method for complex network is proposed in this paper. In this method, the network framework and key nodes can be analyzed and searched by loopholes scanning firstly. Then, starting from these key nodes, the algorithm which combined greedy policy, forward exploration and backward searching is used to generate the attack graph. Experimental results prove that the model can make a comprehensive analysis on network security and research the estimation of network attack.

Tao Zhang,MingZeng Hu,Dong Li,Liang Sun

2005-01-01

Journal of Information and Computational Science

Abstract:Network security evaluation is an important domain of network security. As the traditional method, the result of vulnerability scanning couldn't directly reflect complex attack routes existing in network, so many methods based on security model were presented, and the attack graph is a hot topic in these methods. In this paper we introduce a method to generate the attack graph. After analyzing host computer, devices connection relation and the characteristic of attack, the model of network security status was built. A forward-search, breadth-first and depth-limited (attack steps limited) algorithm is used to produce attack route, and the tools to generate the attack graph is implemented. The experiment validates that the method to generate attack graph is feasible, and we show that the method is more effective than the other methods used.

XU Li,YUAN Yi,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2011.04.020

2011-01-01

Abstract:A large amount of security loophole is one of the important causes leading to the severe general security situation. The study on network security assessment is thus of significant practical importance. This paper describes in detail the method for building up the attack graph model, and gives an auto-generating algorithm of attack graph. An approach by using mathematic model to analyze attack graph for security assessment of network is proposed. With a virtual network environment, the method is verified. The proposed approach is of practical significance in the Study of attack graph.

SONG Shun-hong,LU Yu-liang,YANG Guo-zheng,YUAN Huan

2011-01-01

Abstract:In view of the scalability problem in the risk assessment based on attack graphs,we propose a quantitative vulnerability assessment approach based on host-based access graphs from the perspective of internal security threat.First we introduce the concept of network access relationship and host critical degree,and propose host security threat model.Then we obtain network access relationships of all the hosts through the generation of host-based access graphs.The impacts of vulnerabilities to the network are figured out based on the model and the access graphs and then all the vulnerabilities are prioritized by impacts.The experiment shows that this approach is efficient to assess the security state of the network and the severity of the vulnerabilities to the network.The result gives meaningful recommendation for network hardening.

Yonggang Wang,Yi Miao,Yang Yang,Zhong Chen,Jianbin Hu

2009-01-01

China Communications

Abstract:With the development of computer networks, the attacks with respect to them are increasing explosively. It is a very important problem for security testers to test the security situation of a specific network (i.e., to use a method to model all the possible attacks within the environment). Of all the modeling methods, the Network Attack Graph is widely used because of its Visual Intuition. Under this circumstance, this paper firstly introduces the construction methods of the Network Attack Graph, then describes its application in the network security, and lastly previews some research directions of the Network Attack Graph.

Tao Zhang,Mingzeng Hu,Xiaochun Yun,Dong Li,Liang Sun

DOI: https://doi.org/10.3321/j.issn:1002-0470.2006.04.004

2006-01-01

Abstract:Aiming at the requirement of network security analysis, a flexible method to generate attack graph is presented. After analyzing network security attributes including the host, user privilege, connection relation, etc., the network security model is built, and the model could describe the network security status. A forward-search, breadth-first algorithm is used to produce attack route, and the tools Graphviz isutilized to generate the attack graph. The experimental rersults validate that our method is feasible.

Feng Chen,Ri Tu,Yi Zhang,Jinshu Su

DOI: https://doi.org/10.1109/ieec.2009.24

2010-01-01

Journal of Networks

Abstract:The compact attack graphs can implicitly reveal the potential threat of sophisticated multi-step attacks by enumerating possible sequences of exploits leading to the compromising given critical resources in enterprise networks with thousands of hosts. For security analysts, the challenge is how to analyze the complex attack graphs with possible ten thousands of nodes for defending the security of network. In the paper, we will essentially discuss two issues about it. The first is to compute non-loop attack paths with the distance less than the given number that the real attacker may take in realistic attack scenarios. The second is how to measure security risk. Two scalable approaches are proposed to solve the above two issues respectively. These approaches are proved to have a polynomial time complexity and can scale to the attack graphs with ten thousands of nodes corresponding to large enterprise networks.

TAO ZHANG,HU MING-ZENG,XIAO-CHUN YUN,YONG-ZHENG ZHANG

2005-01-01

Abstract:As an important method to analyze the security states of computer network, the generation of network attack graph is a hot topic in this domain. After analyzing network vulnerabilities, linking relation between devices and the characteristic of attack, the model of network security states is built, and the generating algorithm of attack graph is implemented. The experiment validates the prototype of generating tools of network attack graph. Key-Words: Network Security; Security Analysis; Attack; Attack Graph

Wenhui Hu,Long Zhang,Xueyang Liu,Yu Huang,Minghui Zhang,Liang Xing

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids49724.2020.00033

2020-01-01

Abstract:In view of the problem that the overall security of the network is difficult to evaluate quantitatively, we propose the edge authority attack graph model, which aims to make up for the traditional dependence attack graph to describe the relationship between vulnerability behaviors. This paper proposed a network security metrics based on probability, and proposes a network vulnerability algorithm based on vulnerability exploit probability and attack target asset value. Finally, a network security reinforcement algorithm with network vulnerability index as the optimization target is proposed based on this metric algorithm.

Anming Xie,Zhuhua Cai,Cong Tang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ACSAC.2009.22

2009-01-01

Abstract:Attack graphs play important roles in analyzing network security vulnerabilities, and previous works have provided meaningful conclusions on the generation and security measurement of attack graphs. However, it is still hard for us to understand attack graphs in a large network, and few suggestions have been proposed to prevent inside malicious attackers from attacking networks. To address these problems, we propose a novel approach to generate and describe attack graphs. Firstly, we construct a two-layer attack graph, where the upper layer is a hosts access graph and the lower layer is composed of some host-pair attack graphs. Compared with previous works, our attack graph has simpler structures, and reaches the best upper bound of computation cost in O(N2). Furthermore, we introduce the adjacency matrix to efficiently evaluate network security, with overall evaluation results presented by gray scale images vividly. Thirdly, by applying prospective damage and important weight factors on key hosts with crucial resources, we can create prioritized lists of potential threatening hosts and stepping stones, both of which can help network administrators to harden network security. Analysis on computation cost shows that the upper bound computation cost of our measurement methodology is O(N3), which could also be completed in real time. Finally, we give some examples to show how to put our methods in practice.

Tao Zhang,MingZeng Hu,Dong Li,Liang Sun

DOI: https://doi.org/10.1109/icmlc.2005.1527624

2005-01-01

Abstract:As the traditional method, the result of vulnerability scanning can't directly reflect complex attack routes existing in network, so the attack graph is presented. After analyzing host computer, devices link relation and the characteristic of attack, the model of network security status was built. A forward-search, breadth-first and depth-limited (attack steps limited) algorithm is used to produce attack route, and the tools to generate the attack graph is implemented. The experiment validates the prototype of network attack graph generating tools, and contrasts our method to the other used.

Anming Xie,Guodong Chen,Yonggang Wang,Zhong Chen,Jianbin Hu

DOI: https://doi.org/10.1109/SSIRI.2009.32

2009-01-01

Abstract:To address the scalability problem in attack graphs generation, we propose a novel method to generate attack graphs automatically. Our approach constructs a two- tier attack graph framework, which includes a host access graph and some sub-attack graphs. A sub-attack graph describes concrete attack scenarios from one source host to one target host, while the host access graph describes the attacker's privilege transition among hosts. Our sub-attack graphs and host access graph have remarkable smaller scales and can help network administrators to find the key hosts in attack sequences. Analysis shows that the upper bound computational cost of our model is O(N3), which could also be competed in real time. The following experiment validates our approach.

Yunpeng Li,Xi Li

DOI: https://doi.org/10.1155/2021/9921731

2021-05-07

Scientific Programming

Abstract:With the rapid development of the Internet, network attacks often occur, and network security is widely concerned. Searching for practical security risk assessment methods is a research hotspot in the field of network security. Network attack graph model is an active detection technology for the attack path. From the perspective of the attacker, it simulated the whole network attack scenario and then presented the dependency among the vulnerabilities in the target network in the way of directed graph. It is an effective tool for analyzing network vulnerability. This paper describes in detail the common methods and tools of network security assessment and analyzes the construction of theoretical model of attack graph, the optimization technology of attack graph, and the research status of qualitative and quantitative analysis technology of attack graph in network security assessment. The attack graph generated in the face of large-scale network is too complex to find the key vulnerability nodes accurately and quickly. Optimizing the attack graph and solving the key attack set can help the security manager better understand the security state of the nodes in the network system, so as to strengthen the security defense ability and guarantee the security of the network system. For all kinds of loop phenomena of directed attribute attack graph, the general method of eliminating loop is given to get an acyclic attack graph. On the basis of acyclic attack graph, an optimization algorithm based on path complexity is proposed, which takes atomic attack distance and atomic weight into consideration, and on the basis of simplified attack graph, minimum-cost security reinforcement is carried out for the network environment. Based on the ant colony algorithm, the adaptive updating principle of changing pheromone and the local searching strategy of the adaptive genetic algorithm are proposed to improve the ant colony algorithm. The experimental results show that compared with the ant colony algorithm, the improved ant colony algorithm can speed up the process of solving the optimal solution. When the number of attack paths is large, the advantages of the improved ant colony algorithm in solving accuracy and late search speed are more obvious, and it is more suitable for large-scale networks.

computer science, software engineering

Yong Wang,Xiao-chun Yun,Yongzheng Zhang,Shuyuan Jin,Yanchen Qiao

DOI: https://doi.org/10.1109/cit.2012.32

2012-01-01

Abstract:Network vulnerability analysis is one of the important techniques to protect network security. Modeling and classification of network vulnerability are introduced firstly, then the concept of attack capability transfer and the algorithm to produce it are presented, which can aggregate vulnerabilities with the same exploitation attributes and satisfying some constrains to simplify the further analysis. Based on the attack capability transfer, a new method constructing attack graph is presented, and the complexity is O(N2) where N is the number of hosts in a network. Through the analysis of attack graph, network vulnerability quantitative analysis is taken and security hardening method based on approximate greedy algorithm is presented, the complexity of which is O(V), where V is the number of vulnerabilities in a network. Experiment shows the effectiveness of the method.

Bintao Yuan,Zulie Pan,Fan Shi,Zhenhan Li

DOI: https://doi.org/10.1109/itnec48623.2020.9085039

2020-01-01

Abstract:With the popularity of network technology and the expansion of network scale, the network security risks are increasingly serious. Network vulnerability assessment methods, a technology of active network security defense, have attracted many researchers. Most existing network vulnerability assessment methods store different types of data in different ways, which makes querying and analyzing inefficient, especially in the complex large-scale network environment. In order to solve this problem, this paper proposes a method of network vulnerability assessment based on graph database. The network host information, association relationship between hosts and vulnerability information of the target network are stored in the graph database, the query and analysis are carried out by using the graph database query language. Graph database stores the information of the network hosts, association relationship among hosts and vulnerabilities of the target network. The graph database query language supports querying and analysis. Visualizing the network topology, vulnerability information and all possible attack paths provides a reference to develop the network security protection strategy. Experiments' results illustrate that the method runs efficiently and helps with querying and analysis, which is applicable to large-scale complex network environment.

Anmin Xie,Cong Tang,Nike Gui,Zhuhua Cai,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ICC.2010.5502655

2010-01-01

Abstract:To protect our networks against malicious intrusions, we need to evaluate these networks security. Previous works on attack graphs have provided meaningful conclusions on security measurement. However, large attack graphs are still hard to be understood vividly, and few suggestions have been proposed to prevent inside malicious attackers from attacking networks. To address these problems, we propose a novel approach to evaluate network security based on adjacency matrixes, which are constructed from existing attack graphs. With our model, we use gray scale images to show overall security vividly, and get quantitative evaluation scores. Moreover, we create a prioritized list of potential threatening hosts, which can help network administrators to harden network step by step. Analysis on computation cost shows that the upper bound computation cost of our measurement methodology is O(N3), which could be completed in real time. We also give an example to show how to put our methods in practice.