Title :
An Improved Algorithm for Generation of Attack Graph Based on Virtual Performance Node
Author :
Zhao, Yihuan ; Wang, Zulin ; Zhang, Xudong ; Zheng, Jing
Author_Institution :
Sch. of Electron. & Inf. Eng., Beijing Univ. of Aeronaut. & Astronaut., Beijing, China
Abstract :
A variety of graph-based algorithms have been proposed to generate attack graph automatically, few of which take network performance into consideration and satisfy the purpose of network vulnerability analysis. In this paper, Virtual Performance Node (VPN) is defined and an improved graph-based algorithm is proposed. The performance decrease due to attacker´s incursion in the whole network is regarded as the attacker´s expectation and VPNs are chosen as the net status. This method makes attack graph have an extra ability to measure the attack effect with network performance loss. The algorithm is compared with other methods in the analysis of an experimental network. The results show that the improved attack graph has the least status and acts well with human cognitive habits, which makes it more useful to analyze network vulnerability.
Keywords :
computer network performance evaluation; graph theory; security of data; telecommunication security; attack graph; graph-based algorithm; net status; network performance loss; network vulnerability analysis; virtual performance node; Algorithm design and analysis; Extraterrestrial measurements; Graph theory; Humans; Information analysis; Information security; Loss measurement; Performance analysis; Performance loss; Virtual private networks; attack effect; attack graph; network performance; network security; vulnerability analysis;
Conference_Titel :
Multimedia Information Networking and Security, 2009. MINES '09. International Conference on
Conference_Location :
Hubei
Print_ISBN :
978-0-7695-3843-3
Electronic_ISBN :
978-1-4244-5068-8
DOI :
10.1109/MINES.2009.43
