Title :
A Goal-Oriented Approach for Modeling and Analyzing Attack Graph
Author :
Liu, Xuejiao ; Fang, Chengfang ; Xiao, Debao ; Xu, Hui
Author_Institution :
Inst. of Comput. Network & Commun., HuaZhong Normal Univ., Hubei, China
Abstract :
As network components are often highly interdependent and interconnected, an outside adversary can take advantage of multiple vulnerabilities in unexpected ways, incrementally penetrate a network and compromise critical systems. Attack graphs are commonly used for analyzing the security level of a network because they can reflect all network vulnerabilities and their interrelationships. However, an attack graph assumes an overly pessimistic situation by giving the attacker unlimited power to exploit each chain of vulnerabilities in the network, causing the complexity of the analysis to grow exponentially with the size of the network. Therefore, the weakest paths suggested by such analysis could be inaccurate for an adversary with limited computation power. In this paper, we investigate how attackers plan to exploit vulnerabilities towards their targets and present the idea of a goal-oriented analysis of attack graphs to address this problem. We give algorithms for analyzing network vulnerabilities, predicting attackers' potential targets, and giving suggestions on patching the weakest nodes based on attackers' targets.
Keywords :
computer network security; attack graph analyzing; attack graph modeling; critical systems; goal-oriented approach; network security; network vulnerabilities; Algorithm design and analysis; Computer networks; Independent component analysis; National security; Performance analysis; Power system security; Protection; Software performance; Software systems; Software tools;
Conference_Title :
Information Science and Applications (ICISA), 2010 International Conference on
Conference_Location :
Seoul
Print_ISBN :
978-1-4244-5941-4
Electronic_ISBN :
978-1-4244-5943-8
DOI :
10.1109/ICISA.2010.5480282