Tao Zhang,MingZeng Hu,Dong Li,Liang Sun

2005-01-01

Journal of Information and Computational Science

Abstract:Network security evaluation is an important domain of network security. As the traditional method, the result of vulnerability scanning couldn't directly reflect complex attack routes existing in network, so many methods based on security model were presented, and the attack graph is a hot topic in these methods. In this paper we introduce a method to generate the attack graph. After analyzing host computer, devices connection relation and the characteristic of attack, the model of network security status was built. A forward-search, breadth-first and depth-limited (attack steps limited) algorithm is used to produce attack route, and the tools to generate the attack graph is implemented. The experiment validates that the method to generate attack graph is feasible, and we show that the method is more effective than the other methods used.

TAO ZHANG,HU MING-ZENG,XIAO-CHUN YUN,YONG-ZHENG ZHANG

2005-01-01

Abstract:As an important method to analyze the security states of computer network, the generation of network attack graph is a hot topic in this domain. After analyzing network vulnerabilities, linking relation between devices and the characteristic of attack, the model of network security states is built, and the generating algorithm of attack graph is implemented. The experiment validates the prototype of generating tools of network attack graph. Key-Words: Network Security; Security Analysis; Attack; Attack Graph

Tao Zhang,MingZeng Hu,Dong Li,Liang Sun

DOI: https://doi.org/10.1109/icmlc.2005.1527624

2005-01-01

Abstract:As the traditional method, the result of vulnerability scanning can't directly reflect complex attack routes existing in network, so the attack graph is presented. After analyzing host computer, devices link relation and the characteristic of attack, the model of network security status was built. A forward-search, breadth-first and depth-limited (attack steps limited) algorithm is used to produce attack route, and the tools to generate the attack graph is implemented. The experiment validates the prototype of network attack graph generating tools, and contrasts our method to the other used.

Tao Zhang,Chong Wu

DOI: https://doi.org/10.1109/waim.2008.68

2008-01-01

Abstract:As an important method to analyze the security status of computer network, generating of network attack graph is a hot topic in this domain. After analyzing network security attributes including the host, user privilege, connection relation, etc., the model of computer network security status space is built. The node of attack graph expresses the network security status, and the directed-line expresses the attack rule. We use a forward-search, breadth-first and depth-limited algorithm to produce attack route, and utilize the tools Graphviz to generate the attack graph. The experiment validates the prototype of network attack graph automatic generating tools based on security status space.

MA Jun-chun,SUN Ji-yin,WANG Yong-jun,LI Lin-lin

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2011.04.004

2011-01-01

Abstract:This paper proposes a kind of attack graph generation algorithm for large-scale complex network system.Model the target network in four levels: hosts′ accessibility,security systems,host systems and network services,and propose an automatic gain technology for hosts′ accessibility parameters.This algorithm supports effectively the modeling automatically of large-scale target network.From the experiment results we can see,this algorithm can satisfy analyzing network security and the action of attacker roundly.

SUN Liang,LI Dong,ZHANG Tao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.03.040

2006-01-01

Abstract:Network attack graph is an important method to analyze the security status of computer network,and it plays a guiding role for the establishment of network security policy.Recently,automatic generating of network attack graph is a hot topic for the domestic and overseas researchers.After analyzing lots of network vulnerabilities and the characteristic of(compu-)(ter) network,the model of network security status was built,and the prototype of network attack graph automatic generating system was designed and implemented.

Zhiming Liu,Sheng Li,Jin He,Di Xie,Zhantao Deng

DOI: https://doi.org/10.1109/imccc.2012.50

2012-01-01

Abstract:Today's computer systems face lots of challenges in the fast rate of emerging security problems. To accurately assess the security of computer network systems, one must understand how vulnerabilities can be combined to stage an attack. Attack graphs are important tools for analyzing security vulnerabilities in enterprise networks. However, the complexity of traditional method for generating attack graphs increases dramatically as the network size grows. To solve this problem, the efficiency of attack graph generation method must be improved. Based on the analysis of generation approaches to attack graphs, an attack graph generation method for complex network is proposed in this paper. In this method, the network framework and key nodes can be analyzed and searched by loopholes scanning firstly. Then, starting from these key nodes, the algorithm which combined greedy policy, forward exploration and backward searching is used to generate the attack graph. Experimental results prove that the model can make a comprehensive analysis on network security and research the estimation of network attack.

Wenhui Hu,Long Zhang,Xueyang Liu,Yu Huang,Minghui Zhang,Liang Xing

DOI: https://doi.org/10.1109/bigdatasecurity-hpsc-ids49724.2020.00033

2020-01-01

Abstract:In view of the problem that the overall security of the network is difficult to evaluate quantitatively, we propose the edge authority attack graph model, which aims to make up for the traditional dependence attack graph to describe the relationship between vulnerability behaviors. This paper proposed a network security metrics based on probability, and proposes a network vulnerability algorithm based on vulnerability exploit probability and attack target asset value. Finally, a network security reinforcement algorithm with network vulnerability index as the optimization target is proposed based on this metric algorithm.

Anming Xie,Guodong Chen,Yonggang Wang,Zhong Chen,Jianbin Hu

DOI: https://doi.org/10.1109/SSIRI.2009.32

2009-01-01

Abstract:To address the scalability problem in attack graphs generation, we propose a novel method to generate attack graphs automatically. Our approach constructs a two- tier attack graph framework, which includes a host access graph and some sub-attack graphs. A sub-attack graph describes concrete attack scenarios from one source host to one target host, while the host access graph describes the attacker's privilege transition among hosts. Our sub-attack graphs and host access graph have remarkable smaller scales and can help network administrators to find the key hosts in attack sequences. Analysis shows that the upper bound computational cost of our model is O(N3), which could also be competed in real time. The following experiment validates our approach.

赵芳芳,陈秀真,李建华

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.23.057

2008-01-01

Abstract:After researching a variety of attack graphs generation methods,this paper proposes a related algorithm based on privilege escalation,and designs an effective tool to generate attack graphs.This tool describes network attack model in database language,which including 3 attributes that is host description,network connectivity and exploit rule,and stores network configurations and host information into database automatically.Attack affair graph is generated according to the dependency algorithm that integrates the breadth-first forward exploration and the backward.The attack graph can achieve the whole analysis of network security.

Anming Xie,Guodong Chen,Yonggang Wang,Zhong Chen,Jianbin Hu

2009-01-01

Abstract:To address the scalability problem in attack graphs generation, we propose a novel method to generate attack graphs automatically. Our approach constructs a two- tier attack graph framework, which includes a host access graph and some sub-attack graphs .A sub-attack graph describes concrete attack scenarios from one source host to one target host, while the host access graph describes the attacker's privilege transition among hosts. Our sub-attack graphs and host access graph have remarkable smaller scales and can help network administrators to find the key hosts in attack sequences. Analysis shows that the upper bound computational cost of our model is O(N 3 ), which could also be competed in real time. The following experiment validates our approach. Keywords-network security; attack graphs; host access graph; sub-attack graph; I. INTRODUCTION

Yonggang Wang,Yi Miao,Yang Yang,Zhong Chen,Jianbin Hu

2009-01-01

China Communications

Abstract:With the development of computer networks, the attacks with respect to them are increasing explosively. It is a very important problem for security testers to test the security situation of a specific network (i.e., to use a method to model all the possible attacks within the environment). Of all the modeling methods, the Network Attack Graph is widely used because of its Visual Intuition. Under this circumstance, this paper firstly introduces the construction methods of the Network Attack Graph, then describes its application in the network security, and lastly previews some research directions of the Network Attack Graph.

陆余良,宋舜宏,程微微,刘金红,施凡

DOI: https://doi.org/10.3969/j.issn.1000-2162.2010.04.004

2010-01-01

Abstract:Network attack graph has become one of the key tools for network security analysis.Based on the anatomy of generation approaches to attack graphs,this paper proposed important attributes and common functional framework for all these approaches.With some of the attributes as the metric,the approaches were classified.We concluded the current approaches and the research direction in the future.

XU Li,YUAN Yi,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2011.04.020

2011-01-01

Abstract:A large amount of security loophole is one of the important causes leading to the severe general security situation. The study on network security assessment is thus of significant practical importance. This paper describes in detail the method for building up the attack graph model, and gives an auto-generating algorithm of attack graph. An approach by using mathematic model to analyze attack graph for security assessment of network is proposed. With a virtual network environment, the method is verified. The proposed approach is of practical significance in the Study of attack graph.

SHI Hao,WANG Yi-jun,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1009-8054.2011.05.042

2011-01-01

Abstract:Due to the continuous growth of network size,the independent vulnerability analysis could not satisfy the requirement of security protection.Attack graph,as a new tool,could show the network structure clearly.Taking into account the interaction among the vulnerabilities,the people can identify overall risk of the network better and adopt proper a measures.However,the complexity of attack graphs generated by traditional generation methods would grow rapidly with the expansion of network scale.A fairly simple attack graph could be generated by a new method based on the knowledge of the administrator.This method generates attack graph from the key node of the network,and thus could reduce the scale of the attack graph effectively.

DING JINKE,LI DONG,HAO ZHIYU

DOI: https://doi.org/10.3969/j.issn.1008-0570.2008.09.024

2008-01-01

Abstract:To analyze the network vulnerability, based on the existing study, we build a network security analysis model and propose a optimized, reversed, breadth-first algorithm to generate network attack paths, and implement an attack paths generation system. The method is proved to be efficient and practical through the experiment.

Shengwei Yi,Yong Peng,Qi Xiong,Ting Wang,Zhonghua Dai,Haihui Gao,Junfeng Xu,Jiteng Wang,Lijuan Xu

DOI: https://doi.org/10.1109/ICASID.2013.6825274

2013-01-01

Abstract:Network vulnerability can be analyzed automatically by attack graph. Attack graph tools can generate attack paths in network and show users the network vulnerabilities analyzing process for network security risk analysis. There are some problems such as state space explosion, the high complexity of algorithms, being difficult to demonstrate graphically, and so on, for attack graph generation and visualization techniques. Therefore, we surveyed and analyzed the attack graph generation and visualization technology. We summarized the open source tools like MulVAL, TVA, Attack Graph Toolkit, NetSPA and so on, and the commercial tools, for example, Cauldron, FireMon, Skybox View. We compared and analyzed these tools from the aspects of the attack graph types, scalability, or complexity of attack graph generation algorithm, the degree of attack graph visualization. Their common denominator was summarized, and their different points were analyzed. The future and applications for attack graph were forecasted, for example its applications in industrial control systems, and in the network security defense and risk assessment.

Anming Xie,Zhuhua Cai,Cong Tang,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ACSAC.2009.22

2009-01-01

Abstract:Attack graphs play important roles in analyzing network security vulnerabilities, and previous works have provided meaningful conclusions on the generation and security measurement of attack graphs. However, it is still hard for us to understand attack graphs in a large network, and few suggestions have been proposed to prevent inside malicious attackers from attacking networks. To address these problems, we propose a novel approach to generate and describe attack graphs. Firstly, we construct a two-layer attack graph, where the upper layer is a hosts access graph and the lower layer is composed of some host-pair attack graphs. Compared with previous works, our attack graph has simpler structures, and reaches the best upper bound of computation cost in O(N2). Furthermore, we introduce the adjacency matrix to efficiently evaluate network security, with overall evaluation results presented by gray scale images vividly. Thirdly, by applying prospective damage and important weight factors on key hosts with crucial resources, we can create prioritized lists of potential threatening hosts and stepping stones, both of which can help network administrators to harden network security. Analysis on computation cost shows that the upper bound computation cost of our measurement methodology is O(N3), which could also be completed in real time. Finally, we give some examples to show how to put our methods in practice.

Feng Chen,Jinshu Su

DOI: https://doi.org/10.1109/ISECS.2008.122

2008-01-01

Abstract:The previous approaches to measuring network security are most based on the hypothesis that the related source data can be known well and truly. But in practice,it is very difficult to obtain all the related accurate source data [22]. In this paper, we propose a flexible approach based on attack graphs to measuring security of crucial resources in vulnerable network, which could bring out the accurate result of measuring network security with incomplete input data. Another key improvement is presenting the backward iterative algorithm to solve the problem of cyclic attack paths in measuring security using attack graphs. At the same time, the simulation experiment demonstrates the algorithm can be applied to the large attack graphs.

CHENG Ye-xia,JIANG Wen,XUE Zhi,CHENG Ye-yan

DOI: https://doi.org/10.3969/j.issn.1002-0802.2012.09.028

2012-01-01

Abstract:In order to strengthen the security of network and carry out analysis and assessment of network threats,and based on the characteristics of attack graph,an automatic network threats modeling method for attack graph is proposed.Before generating attack graph,the network threats model is abstracted,including the information of four components such as host,topology,vulnerability and attacker.Then in accordance with the network threats model,the automatic modeling method and its automatic flow are given.Based on these and model checking algorithm,and in combination of Büchi model and CTL description,the attack graph is generated.The research could lay a foundation for the application of attack graph.