DocumentCode
583052
Title
Research of Network Vulnerability Analysis Based on Attack Capability Transfer
Author
Wang, Yong ; Yun, Xiaochun ; Zhang, Yongzheng ; Jin, Shuyuan ; Qiao, YanChen
Author_Institution
Inst. of Comput. Technol., Grad. Univ. of Chinese Acad. of Sci., Beijing, China
fYear
2012
fDate
27-29 Oct. 2012
Firstpage
38
Lastpage
44
Abstract
Network vulnerability analysis is one of the important techniques for protecting network security. The modeling and classification of network vulnerabilities are introduced first; then the concept of attack capability transfer and the algorithm to produce it are presented, which can aggregate vulnerabilities that have the same exploitation attributes and satisfy certain constraints, simplifying further analysis. Based on attack capability transfer, a new method of constructing attack graphs is presented, with complexity O(N^2), where N is the number of hosts in a network. Through analysis of the attack graph, a quantitative analysis of network vulnerability is carried out and a security hardening method based on an approximate greedy algorithm is presented, the complexity of which is O(V), where V is the number of vulnerabilities in a network. Experimental evaluation shows the effectiveness of the method.
Keywords
computational complexity; computer network security; graph theory; greedy algorithms; O(N^2) complexity; O(V) complexity; approximate greedy algorithm; attack capability transfer; attack graph; network security; network vulnerability analysis; network vulnerability quantitative analysis; security hardening method; Analytical models; Complexity theory; Databases; Electronic mail; Security; Servers; Silicon; Attack Capability Transfer; Attack Graph; Network Security Hardening; Network Vulnerability Modeling; Vulnerability
fLanguage
English
Publisher
ieee
Conference_Titel
Computer and Information Technology (CIT), 2012 IEEE 12th International Conference on
Conference_Location
Chengdu
Print_ISBN
978-1-4673-4873-7
Type
conf
DOI
10.1109/CIT.2012.32
Filename
6391871