Title :
An effective method to generate attack graph
Author :
Zhang, Tao ; Hu, Ming-Zeng ; Li, Dong ; Sun, Liang
Author_Institution :
Res. Center of Comput. Network & Inf. Security Technol., Harbin Inst. of Technol., China
Abstract :
As the traditional method, the result of vulnerability scanning can´t directly reflect complex attack routes existing in network, so the attack graph is presented. After analyzing host computer, devices link relation and the characteristic of attack, the model of network security status was built. A forward-search, breadth-first and depth-limited (attack steps limited) algorithm is used to produce attack route, and the tools to generate the attack graph is implemented. The experiment validates the prototype of network attack graph generating tools, and contrasts our method to the other used.
Keywords :
computer networks; data flow graphs; security of data; telecommunication network routing; telecommunication security; tree searching; attack graph generation; breadth-first algorithm; depth-limited algorithm; forward-search algorithm; network attack routes; network security; security analysis; vulnerability scanning; Computer hacking; Computer networks; Computer security; Databases; Electronic mail; High-speed networks; Information security; Protection; Prototypes; Sun; Network security; attack graph; attack route; security analysis;
Conference_Titel :
Machine Learning and Cybernetics, 2005. Proceedings of 2005 International Conference on
Conference_Location :
Guangzhou, China
Print_ISBN :
0-7803-9091-1
DOI :
10.1109/ICMLC.2005.1527624
