RAPn: Network Attack Prediction Using Ranking Access Petri Net

Exploits sequencing is a typical way by which an attacker breaks into a network. In such a scenario, each exploit lays as an atomic proposition for subsequent exploits. An attack path is seen as a succession of exploits which take an attacker right to his/her final goal. The set of all possible attack paths form an attack graph. Researchers have proposed a multitude of techniques to generate attack graph which grows exponentially in the size of the network. Hence it is preferable to optimize the choice of solutions which avoid the cost of scalability and cumbersome. In this paper, we propose a comprehensive approach to network vulnerability analysis by ranking access Petri net graph and utilizing a penetration tester´s perspective of maximal level of access possible on a host. Our approach has the following benefits: it provides a simple model in which an analyst can work, its algorithmic complexity is polynomial in the size of the network, and has the ability of scaling well to large size networks. Nevertheless, it has some drawback as in place of all possible attack paths, we seek only good attack paths. An analyst may make suboptimal choices when repairing the network.