DocumentCode
1574951
Title
Building intrusion path graphs for security incident handling procedures
Author
Liao, Guo-Tan ; Chen, Li-Ru ; Cheng, Bo-Chao ; Chen, Huan ; Hsu, Ping-Hai
Author_Institution
Dept. of Commun. Eng., Nat. Chung-Cheng Univ., Chiayi, Taiwan
fYear
2010
Firstpage
267
Lastpage
272
Abstract
Hardening network services and network architecture is the best defense and the easiest way to reduce security risks. However, there is no effective solution to correlate all weaknesses, network topology with connectivity, and intrusion alerts. As a result, it can be difficult for network administrators to determine the root cause of a security incident. In this paper, we propose “GReat Evil ENcroachments Eradicator (GREENER)”, which can analyze the above network information in-depth and establish an intrusion path graph to display comprehensive information of security breaches. With the help of GREENER, system administrators can discover detailed information about an incident and rapidly remove network intrusion issues associated with the hardening process to prevent the same type of intrusion from happening again. This study has demonstrated that GREENER meets the requirements for mitigating security threats and provides a practical security incident response solution.
Keywords
graph theory; security of data; hardening process; intrusion path graph; network architecture; network intrusion issues; network service; security incident; security risk; system administrator; Fires; Green products; Internet; Intrusion detection; Network topology; Operating systems;
fLanguage
English
Publisher
ieee
Conference_Titel
Communications and Information Technologies (ISCIT), 2010 International Symposium on
Conference_Location
Tokyo
Print_ISBN
978-1-4244-7007-5
Electronic_ISBN
978-1-4244-7009-9
Type
conf
DOI
10.1109/ISCIT.2010.5664848
Filename
5664848