Title :
A Component-Centric Access Graph Based Approach to Network Attack Analysis
Author :
Xiao, Xiaochun ; Zhang, Tiange ; Wang, Huan ; Zhang, Gendu
Author_Institution :
Sch. of Compute Sci., Fudan Univ., Shanghai
Abstract :
Going beyond vulnerability scanning tools that make lists of known vulnerabilities locating on given individual hosts, attack graphs identify all possible attack paths that end in a state where an attacker has successfully achieved his goal. But the algorithmic complexity grows exponential in the size of the network. The access graph is proposed as a complement to the attack graph approach which is host-centric and grows polynomially with the number of hosts and so has the benefit of being computationally feasible on large networks. In this paper, we propose a novel component-centric access graph. Based on the modeling substrates for network, hosts, vulnerabilities and the component-centric access graph, the access graph generation algorithm and a number of ways the security administrator can use the resulting access graph to help secure the network are discussed. Compared with related works, our approach improves the performance and further reduces the computational cost.
Keywords :
computer networks; graph theory; telecommunication security; access graph generation algorithm; attack graph; component-centric access graph; network attack analysis; network security; Algorithm design and analysis; Computer network management; Computer networks; Engineering management; Information analysis; Information management; Information technology; Polynomials; Seminars; Technology management; access graph; network attack; network security;
Conference_Titel :
Future Information Technology and Management Engineering, 2008. FITME '08. International Seminar on
Conference_Location :
Leicestershire, United Kingdom
Print_ISBN :
978-0-7695-3480-0
DOI :
10.1109/FITME.2008.123
