Two formal analyses of attack graphs

Feng Chen, Yi Zhang, SU Jin-Shu, HAN Wen-Bao
DOI: https://doi.org/10.3724/SP.J.1001.2010.03584
2010-01-01
Ruan Jian Xue Bao/Journal of Software
Abstract: An attack graph is a model-based vulnerability analysis technology that can automatically analyze the interrelation among vulnerabilities in a network and the potential threats resulting from those vulnerabilities. Since state-based attack graphs cannot be applied to real large networks because of the combinatorial explosion in the number of attack paths, research has shifted to attribute-based attack graphs. Based on attribute-based attack graphs, this paper discusses loop attack paths and the optimization of security measures. For the former, an iterative algorithm is presented to find all the non-loop attack paths to the key attributes with depth less than a given number n. For the latter, the problem is proved to be NP-complete, and a greedy algorithm with polynomial time complexity is proposed to solve it. © by Institute of Software, the Chinese Academy of Sciences. All rights reserved.