Skip to main content
SpringerLink
Log in

An Attack Graph Generation Method Based on Parallel Computing

  • Conference paper
  • First Online:
Science of Cyber Security (SciSec 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11287))

Included in the following conference series:

Abstract

Attack graph is used as a model that enumerates all possible attack paths based on a comprehensive analysis of multiple network configurations and vulnerability information. An attack graph generation method based on parallel computing is therefore proposed to solve the thorny problem of calculations as the network scale continues to expand. We utilize multilevel k-way partition algorithm to divide network topology into parts in efficiency of parallel computing and introduce Spark into the attack graph generation as a parallel computing platform. After the generation, we have a tool named Monitor to regenerate the attack graph of the changed target network. The method can improve the speed of calculations to solve large and complex computational problems and save time of generating the whole attack graph when the network changed. The experiments which had been done show that the algorithm proposed to this paper is more efficient benefiting from smaller communication overhead and better load balance.

This work is supported by funding from Basic Scientific Research Program of Chinese Ministry of Industry and Information Technology (Grant No. JCKY2016602B001).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Garey, M.R., Johnson, D.S., Stockmeyer, L.: Some simplified NP-complete graph problems. Theor. Comput. Sci. 1(3), 237–267 (1976)

    Article  MathSciNet  Google Scholar 

  2. Leighton, T., Rao, S.: Multi-commodity max-flow min-cut theorems and their use in designing approximation algorithms. JACM 46(6), 787–832 (1999)

    Article  Google Scholar 

  3. Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: Usenix Security Symposium, vol. 8 (2005)

    Google Scholar 

  4. Artz, M.L.: NetSPA : a Network Security Planning Architecture (2002)

    Google Scholar 

  5. Kaynar, K., Sivrikaya, F.: Distributed attack graph generation. IEEE Trans. Dependable Secur. Comput. 13(5), 519–532 (2016)

    Article  Google Scholar 

  6. Karypis, G., Kumar, V.: METIS: a software package for partitioning unstructured graphs. Int. Cryog. Monogr. 121–124 (1998)

    Google Scholar 

  7. Man, D., Zhang, B., Yang, W., Jin, W., Yang, Y.: A method for global attack graph generation. In: 2008 IEEE International Conference on Networking, Sensing and Control, Sanya, pp. 236–241 (2008)

    Google Scholar 

  8. Ou, X., Boyer, W.F., McQueen, M.A.: A scalable approach to attack graph generation. In: Proceedings of the 13th ACM Conference on Computer and Communications Security (2006)

    Google Scholar 

  9. Keramati, M.: An attack graph based procedure for risk estimation of zero-day attacks. In: 8th International Symposium on Telecommunications (IST), Tehran, pp. 723–728 (2016)

    Google Scholar 

  10. Wang, S., Tang, G., Kou, G., Chao, Y.: An attack graph generation method based on heuristic searching strategy. In: 2016 2nd IEEE International Conference on Computer and Communications (ICCC), Chengdu, pp. 1180–1185 (2016)

    Google Scholar 

  11. Yi, S., et al.: Overview on attack graph generation and visualization technology. In: 2013 International Conference on Anti-Counterfeiting, Security and Identification (ASID), Shanghai, pp. 1–6 (2013)

    Google Scholar 

  12. Ingols, K., Lippmann, R., Piwowarski, K.: Practical attack graph generation for network defense. In: 22nd Annual Computer Security Applications Conference (ACSAC 2006), Miami Beach, FL, pp. 121–130 (2006)

    Google Scholar 

  13. Li, K., Hudak, P.: Memory coherence in shared virtual memory systems. ACM Trans. Comput. Syst. 7(4), 321–359 (1989)

    Article  Google Scholar 

  14. Johnson, P., Vernotte, A., Ekstedt, M., Lagerstrom, R.: pwnPr3d: an attack-graph-driven probabilistic threat-modeling approach. In: 2016 11th International Conference on Availability, Reliability and Security (ARES), Salzburg, pp. 278–283 (2016)

    Google Scholar 

  15. Cheng, Q., Kwiat, K., Kamhoua, C.A., Njilla, L.: Attack graph based network risk assessment: exact inference vs region-based approximation. In: IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), Singapore, pp. 84–87 (2017)

    Google Scholar 

  16. Karypis, G., Kumar, V.: Multilevel k-way hypergraph partitioning. In: Proceedings: Design Automation Conference (Cat. No. 99CH36361), New Orleans, LA, pp. 343–348 (1999)

    Google Scholar 

  17. Zaharia, M., Chowdhury, M., Franklin, M.J., et al.: Spark: cluster computing with working sets. HotCloud 10(10–10), 95 (2010)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science and Technology, Beijing Institute of Technology, Beijing, China

    Ningyuan Cao, Kun Lv & Changzhen Hu

Authors
  1. Ningyuan Cao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kun Lv
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Changzhen Hu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ningyuan Cao .

Editor information

Editors and Affiliations

  1. Institute of Information Engineering and School of Cybersecurity University of Chinese Academy of Sciences, Beijing, China

    Feng Liu

  2. The University of Texas at San Antonio, San Antonio, TX, USA

    Shouhuai Xu

  3. Google and Columbia University, New York, NY, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Cao, N., Lv, K., Hu, C. (2018). An Attack Graph Generation Method Based on Parallel Computing. In: Liu, F., Xu, S., Yung, M. (eds) Science of Cyber Security. SciSec 2018. Lecture Notes in Computer Science(), vol 11287. Springer, Cham. https://doi.org/10.1007/978-3-030-03026-1_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-03026-1_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-03025-4

  • Online ISBN: 978-3-030-03026-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation