Title :
A Method for Global Attack Graph Generation
Author :
Man, Dapeng ; Zhang, Bing ; Yang, Wu ; Jin, Wenjin ; Yang, Yongtian
Author_Institution :
Harbin Eng. Univ., Harbin
Abstract :
Existing attack graph generation methods can only generate attack graphs for the single target, and the scale of the generated graphs is too large. To solve these problems, a global attack graph generation method is proposed on the basis of breadth-first search algorithm. The strategies that limit attack steps and success probability of attack paths are adopted to reduce the scale of the attack graph. The experimental results indicate that using the graph which is generated by this method can analyze network vulnerabilities from the global angle. In addition, this method is validated that it is effective to remove the redundancy edges and nodes of the attack graph, consequently reduces the scale of the attack graph.
Keywords :
graph theory; security of data; breadth-first search algorithm; global angle; global attack graph generation; network security; network vulnerabilities; Analytical models; Authorization; Computer networks; Electronic mail; Explosions; Information security; Large-scale systems; National security; Research and development; Attack graph; Network security; Security Evaluation; Vulnerability analysis;
Conference_Titel :
Networking, Sensing and Control, 2008. ICNSC 2008. IEEE International Conference on
Conference_Location :
Sanya
Print_ISBN :
978-1-4244-1685-1
Electronic_ISBN :
978-1-4244-1686-8
DOI :
10.1109/ICNSC.2008.4525217
