
Topological Vulnerability Analysis

Cyber Situational Awareness

Part of the book series: Advances in Information Security (ADIS, volume 46)

Abstract

Traditionally, network administrators rely on labor-intensive processes for tracking network configurations and vulnerabilities. This requires a great deal of expertise, and is error prone because of the complexity of networks and associated security data. The interdependencies of network vulnerabilities make traditional point-wise vulnerability analysis inadequate. We describe a Topological Vulnerability Analysis (TVA) approach that analyzes vulnerability dependencies and shows all possible attack paths into a network. From models of the network vulnerabilities and potential attacker exploits, we compute attack graphs that convey the impact of individual and combined vulnerabilities on overall security. TVA finds potential paths of vulnerability through a network, showing exactly how attackers may penetrate a network. From this, we identify key vulnerabilities and provide strategies for protection of critical network assets.

Acknowledgements

This material is based upon work supported by Homeland Security Advanced Research Projects Agency under the contract FA8750-05-C-0212 administered by the Air Force Research Laboratory/Rome; by Air Force Research Laboratory/Rome under the contract FA8750-06-C-0246; by Federal Aviation Administration under the contract DTFAWA-08-F-GMU18; by Air Force Office of Scientific Research under grant FA9550-07-1-0527 and FA9550-08-1-0157; and by the National Science Foundation under grants CT-0716567, CT-0716323, and CT-0627493. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsoring organizations.

Author information

Corresponding author

Correspondence to Sushil Jajodia.

Copyright information

© 2010 Springer-Verlag US

About this chapter

Cite this chapter

Jajodia, S., Noel, S. (2010). Topological Vulnerability Analysis. In: Jajodia, S., Liu, P., Swarup, V., Wang, C. (eds) Cyber Situational Awareness. Advances in Information Security, vol 46. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-0140-8_7

  • DOI: https://doi.org/10.1007/978-1-4419-0140-8_7

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-1-4419-0139-2

  • Online ISBN: 978-1-4419-0140-8

  • eBook Packages: Computer Science (R0)
