Anming Xie,Guodong Chen,Yonggang Wang,Zhong Chen,Jianbin Hu

DOI: https://doi.org/10.1109/SSIRI.2009.32

2009-01-01

Abstract:To address the scalability problem in attack graphs generation, we propose a novel method to generate attack graphs automatically. Our approach constructs a two- tier attack graph framework, which includes a host access graph and some sub-attack graphs. A sub-attack graph describes concrete attack scenarios from one source host to one target host, while the host access graph describes the attacker's privilege transition among hosts. Our sub-attack graphs and host access graph have remarkable smaller scales and can help network administrators to find the key hosts in attack sequences. Analysis shows that the upper bound computational cost of our model is O(N3), which could also be competed in real time. The following experiment validates our approach.

Anming Xie,Guodong Chen,Yonggang Wang,Zhong Chen,Jianbin Hu

2009-01-01

Abstract:To address the scalability problem in attack graphs generation, we propose a novel method to generate attack graphs automatically. Our approach constructs a two- tier attack graph framework, which includes a host access graph and some sub-attack graphs .A sub-attack graph describes concrete attack scenarios from one source host to one target host, while the host access graph describes the attacker's privilege transition among hosts. Our sub-attack graphs and host access graph have remarkable smaller scales and can help network administrators to find the key hosts in attack sequences. Analysis shows that the upper bound computational cost of our model is O(N 3 ), which could also be competed in real time. The following experiment validates our approach. Keywords-network security; attack graphs; host access graph; sub-attack graph; I. INTRODUCTION

Tao Zhang,MingZeng Hu,Dong Li,Liang Sun

DOI: https://doi.org/10.1109/icmlc.2005.1527624

2005-01-01

Abstract:As the traditional method, the result of vulnerability scanning can't directly reflect complex attack routes existing in network, so the attack graph is presented. After analyzing host computer, devices link relation and the characteristic of attack, the model of network security status was built. A forward-search, breadth-first and depth-limited (attack steps limited) algorithm is used to produce attack route, and the tools to generate the attack graph is implemented. The experiment validates the prototype of network attack graph generating tools, and contrasts our method to the other used.

Wenhui Hu,Long Zhang,Xueyang Liu,Yu Huang,Minghui Zhang,Liang Xing

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids49724.2020.00033

2020-01-01

Abstract:In view of the problem that the overall security of the network is difficult to evaluate quantitatively, we propose the edge authority attack graph model, which aims to make up for the traditional dependence attack graph to describe the relationship between vulnerability behaviors. This paper proposed a network security metrics based on probability, and proposes a network vulnerability algorithm based on vulnerability exploit probability and attack target asset value. Finally, a network security reinforcement algorithm with network vulnerability index as the optimization target is proposed based on this metric algorithm.

TAO ZHANG,HU MING-ZENG,XIAO-CHUN YUN,YONG-ZHENG ZHANG

2005-01-01

Abstract:As an important method to analyze the security states of computer network, the generation of network attack graph is a hot topic in this domain. After analyzing network vulnerabilities, linking relation between devices and the characteristic of attack, the model of network security states is built, and the generating algorithm of attack graph is implemented. The experiment validates the prototype of generating tools of network attack graph. Key-Words: Network Security; Security Analysis; Attack; Attack Graph

MA Jun-chun,SUN Ji-yin,WANG Yong-jun,LI Lin-lin

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2011.04.004

2011-01-01

Abstract:This paper proposes a kind of attack graph generation algorithm for large-scale complex network system.Model the target network in four levels: hosts′ accessibility,security systems,host systems and network services,and propose an automatic gain technology for hosts′ accessibility parameters.This algorithm supports effectively the modeling automatically of large-scale target network.From the experiment results we can see,this algorithm can satisfy analyzing network security and the action of attacker roundly.

Tao Zhang,MingZeng Hu,Dong Li,Liang Sun

2005-01-01

Journal of Information and Computational Science

Abstract:Network security evaluation is an important domain of network security. As the traditional method, the result of vulnerability scanning couldn't directly reflect complex attack routes existing in network, so many methods based on security model were presented, and the attack graph is a hot topic in these methods. In this paper we introduce a method to generate the attack graph. After analyzing host computer, devices connection relation and the characteristic of attack, the model of network security status was built. A forward-search, breadth-first and depth-limited (attack steps limited) algorithm is used to produce attack route, and the tools to generate the attack graph is implemented. The experiment validates that the method to generate attack graph is feasible, and we show that the method is more effective than the other methods used.

Tao Zhang,Mingzeng Hu,Xiaochun Yun,Dong Li,Liang Sun

DOI: https://doi.org/10.3321/j.issn:1002-0470.2006.04.004

2006-01-01

Abstract:Aiming at the requirement of network security analysis, a flexible method to generate attack graph is presented. After analyzing network security attributes including the host, user privilege, connection relation, etc., the network security model is built, and the model could describe the network security status. A forward-search, breadth-first algorithm is used to produce attack route, and the tools Graphviz isutilized to generate the attack graph. The experimental rersults validate that our method is feasible.

Ningyuan Cao,Kun Lv,Changzhen Hu

DOI: https://doi.org/10.1007/978-3-030-03026-1_3

2018-01-01

Abstract:Attack graph is used as a model that enumerates all possible attack paths based on a comprehensive analysis of multiple network configurations and vulnerability information. An attack graph generation method based on parallel computing is therefore proposed to solve the thorny problem of calculations as the network scale continues to expand. We utilize multilevel k-way partition algorithm to divide network topology into parts in efficiency of parallel computing and introduce Spark into the attack graph generation as a parallel computing platform. After the generation, we have a tool named Monitor to regenerate the attack graph of the changed target network. The method can improve the speed of calculations to solve large and complex computational problems and save time of generating the whole attack graph when the network changed. The experiments which had been done show that the algorithm proposed to this paper is more efficient benefiting from smaller communication overhead and better load balance.

LIU Long,CHEN Xiu-zhen,LI Jian-hua

DOI: https://doi.org/10.3969/j.issn.1000-3428.2013.10.027

2013-01-01

Abstract:As the generation of attack graph without loops leads to missing of attack paths, this paper puts forward the concept of complete attack graph and builds its automatic generation method. It obtains the network connectivity automatically by analyzing the firewall configuration files, to get rid of tedious manual input. Then the attack patterns are enriched to cover almost all network attack types and based on them, an efficient approach to complete attack graph generation is built. In the end, a model to generate complete attack graph automatically using the algorithm is built. Experimental result shows that this method has less time consumption, high degree of automation,and it can be applied to large networks.

Zhiming Liu,Sheng Li,Jin He,Di Xie,Zhantao Deng

DOI: https://doi.org/10.1109/imccc.2012.50

2012-01-01

Abstract:Today's computer systems face lots of challenges in the fast rate of emerging security problems. To accurately assess the security of computer network systems, one must understand how vulnerabilities can be combined to stage an attack. Attack graphs are important tools for analyzing security vulnerabilities in enterprise networks. However, the complexity of traditional method for generating attack graphs increases dramatically as the network size grows. To solve this problem, the efficiency of attack graph generation method must be improved. Based on the analysis of generation approaches to attack graphs, an attack graph generation method for complex network is proposed in this paper. In this method, the network framework and key nodes can be analyzed and searched by loopholes scanning firstly. Then, starting from these key nodes, the algorithm which combined greedy policy, forward exploration and backward searching is used to generate the attack graph. Experimental results prove that the model can make a comprehensive analysis on network security and research the estimation of network attack.

Anming Xie,Zhuhua Cai,Cong Tang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ACSAC.2009.22

2009-01-01

Abstract:Attack graphs play important roles in analyzing network security vulnerabilities, and previous works have provided meaningful conclusions on the generation and security measurement of attack graphs. However, it is still hard for us to understand attack graphs in a large network, and few suggestions have been proposed to prevent inside malicious attackers from attacking networks. To address these problems, we propose a novel approach to generate and describe attack graphs. Firstly, we construct a two-layer attack graph, where the upper layer is a hosts access graph and the lower layer is composed of some host-pair attack graphs. Compared with previous works, our attack graph has simpler structures, and reaches the best upper bound of computation cost in O(N2). Furthermore, we introduce the adjacency matrix to efficiently evaluate network security, with overall evaluation results presented by gray scale images vividly. Thirdly, by applying prospective damage and important weight factors on key hosts with crucial resources, we can create prioritized lists of potential threatening hosts and stepping stones, both of which can help network administrators to harden network security. Analysis on computation cost shows that the upper bound computation cost of our measurement methodology is O(N3), which could also be completed in real time. Finally, we give some examples to show how to put our methods in practice.

Siying He,Mi Wen,Xiumin Li,Zhou Su

DOI: https://doi.org/10.1109/ICCC57788.2023.10233417

2023-01-01

Abstract:With the complexity and variability of cyber attacks increasing, current approaches for constructing attack scenarios often overlook the continuity of attack behaviors. These approaches lead to challenges in dynamically reconstructing the complete attack path. Additionally, many false alerts significantly reduce the accuracy of restoring an attack scenario. Against these issues, this paper proposes an approach for attack scenario construction based on a dynamic attack path graph. First, this paper proposes an alert truth rate calculating approach which utilizes mutual information. And the paper constructs the attack path graph by considering multiple dimensions, including calculated alert features and alert truth rate. In addition, an attack chain generation algorithm is proposed to restore the dynamic and complete attack scenario. Secondly, in order to cope with the changing network, the paper introduces a dynamic probabilistic update algorithm that periodically adjusts the attack path as time progresses. Finally, Experimental results show that the proposed approach can recover all attack processes in the dataset, with an algorithmic complexity of O (M × N).

Feng Chen,Jinshu Su,Yi Zhang

DOI: https://doi.org/10.1007/978-3-642-00199-4_13

2009-01-01

Abstract:Attack graphs are valuable vulnerabilities analysis tools to network defenders and may be classified to two kinds by application. One is the partial attack graphs which illustrate the potential interrelations among the known vulnerabilities just related to the given attack goal in the targeted network, the other is full attack graphs which evaluate the potential interrelations among all the known vulnerabilities in the targeted network. The previous approaches to generating full attack graphs are suffering from two issues. One is the effective modeling language for full attack graphs generation and the other is the scalability to large enterprise network. In this paper, we firstly present a novel conceptual model for full attack graph generation that introduces attack pattern simplifying the process of modeling the attacker. Secondly, a formal modeling language VAML is proposed to describe the various elements in the conceptual model. Thirdly, based on VAML, a scalable approach to generate full attack graphs is put forward. The prototype system CAVS has been tested on an operational network with over 150 hosts. We have explored the system's scalability by evaluating simulated networks with up to one thousand hosts and various topologies. The experimental result shows the approach could be applied to large networks.

Jianping Zeng,Shuang Wu,Yanyu Chen,Rui Zeng,Chengrong Wu

DOI: https://doi.org/10.1155/2019/2031063

2019-01-01

Abstract:AbstractAttack graph can simulate the possible paths used by attackers to invade the network. By using the attack graph, the administrator can evaluate the security of the network and analyze and predict the behavior of the attacker. Although there are many research studies on attack graph, there is no systematic survey for the related analysis methods. This paper firstly introduces the basic concepts, generation methods, and computing tasks of the attack graph, and then, several kinds of analysis methods of attack graph, namely, graph-based method, Bayesian network-based method, Markov model-based method, cost optimization method, and uncertainty analysis method, are described in detail. Finally, comparative study of the methods and future work are provided. We believe that this work would help the research community to understand the attack graph analysis method systematically.

Heng Li,Yongjun Wang,Yuan Cao

DOI: https://doi.org/10.1016/j.procs.2017.03.052

2017-01-01

Procedia Computer Science

Abstract:Attack graph is an effective method for network vulnerability analysis, existing methods of attack graph cant meet the requirements of the dynamical analysis of the large-scale complex network. In this paper, we proposed a searching forward complete attack graph generation algorithm based on hypergraph partitioning. First, ensure the load balancing of each of the computing agents by hypergraph partitioning; second, summarize various new attack templates; third, propose vulnerabilities exploited assumption, improve the efficiency of attack graph generation, reduce the recomputed work of attack graph generation dynamically; last, propose a new idea that generating the attack graph from the vulnerabilities to attacker reversely, ensure the integrity of vulnerabilities analysis, reduce the additional store memory and computing resources

赵芳芳,陈秀真,李建华

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.23.057

2008-01-01

Abstract:After researching a variety of attack graphs generation methods,this paper proposes a related algorithm based on privilege escalation,and designs an effective tool to generate attack graphs.This tool describes network attack model in database language,which including 3 attributes that is host description,network connectivity and exploit rule,and stores network configurations and host information into database automatically.Attack affair graph is generated according to the dependency algorithm that integrates the breadth-first forward exploration and the backward.The attack graph can achieve the whole analysis of network security.

DING JINKE,LI DONG,HAO ZHIYU

DOI: https://doi.org/10.3969/j.issn.1008-0570.2008.09.024

2008-01-01

Abstract:To analyze the network vulnerability, based on the existing study, we build a network security analysis model and propose a optimized, reversed, breadth-first algorithm to generate network attack paths, and implement an attack paths generation system. The method is proved to be efficient and practical through the experiment.

Yun Chen,Kun Lv,Changzhen Hu

DOI: https://doi.org/10.1007/978-3-319-64701-2_29

2017-01-01

Abstract:Attack graph is a general paradigm to model the weakness of an information system network and all possible attack sequences that attackers can obtain specific targets. In real systems, a vast majority of attack graph generation methods suffer from the states explosion issue. However, if we can predict which attack actions will own the maximum probability to be exploited by intruders precisely, namely finding the optimal attack path, we can solve this problem. In this paper, we propose an attack graph generation algorithm based on supervised Kohonen neural network. Using this method, we can presage the attack success rate and attack status types which would be attained if attackers successfully exploit vulnerabilities. Based on these results and the network topology, a probabilistic matrix and an optimal atomic attack matrix are proposed by us. Finally, the two matrices can be effectively used to generate the optimal attack path. After modeling the optimal path, the core nodes in the target network can be located, and network administrators can enact a series of effective defense strategies according to them.

CHEN Feng,ZHANG Yi,BAO Ai-hua,SU Jin-shu

DOI: https://doi.org/10.3969/j.issn.1007-130x.2010.10.003

2010-01-01

Abstract:Attack graph is a model-based vulnerability analysis technology.It may automatically analyze the interrelation among vulnerabilities in the network and the potential threat resulting from the vulnerabilities,which is one of problems the quantitative vulnerability assessment must solve.This paper proposes a novel quantitative vulnerability assessment method based on attribute-based attack graphs.First attribute-based attack graphs and valid attack paths are formally described,and maximal reachable probability is adopted to measure the vulnerability of the key attribute set of the target network.An algorithm for computing maximal reachable probability is presented to solve the problem of loop attack paths.Finally,because some data may not be obtained in practical assessment,the conception of creditability is introduced to measure the impact of absent data on the result.