Title :
A Scalable, Bidirectional-Based Search Strategy to Generate Attack Graphs
Author :
Ma, Junchun ; Wang, Yongjun ; Sun, Jiyin ; Hu, Xiaofeng
Author_Institution :
Sch. of Comput. Sci., NUDT, Changsha, China
fDate :
June 29 2010-July 1 2010
Abstract :
Attack graphs can reveal the threat of sophisticated multi-step attacks by enumerating possible sequences of exploits leading to the compromise of given critical resources. In order to resolve the current emergence methods of generating attack graphs is difficult to apply to the large-scale complex network system; this paper presents a scalable, bidirectional-based search strategy to generate attack graphs. On the one hand, it models the target network in four levels: network service, host system, security system, the host´s accessibility, at the same time, it puts forward a technology that can automatically acquire the parameters of the host´s accessibility, which effectively supports us to model a large-scale target network automatically and reduces the algorithm´s space complexity; on the other hand, it follows the assumption of monotonicity, using bidirectional-based search strategy to generate attack graphs, which achieves the overall analysis of network security, and also reduces the algorithm´s time complexity.
Keywords :
computational complexity; security of data; attack graph generation; bidirectional-based search strategy; host system; monotonicity assumption; network service; security system; sophisticated multistep attacks; space complexity; Algorithm design and analysis; Analytical models; Complexity theory; IP networks; Instruction sets; Security; Servers; accessibility; bi-direction; full attack graph; scalable; security systems;
Conference_Titel :
Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on
Conference_Location :
Bradford
Print_ISBN :
978-1-4244-7547-6
DOI :
10.1109/CIT.2010.496
