A Protocol Vulnerability Analysis Method Based on Logical Attack Graph

  • Chunrui Zhang
  • Shen WangEmail author
  • Dechen Zhan
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 82)


The method of analyze the complex protocol vulnerability information from a large number of simple protocol vulnerability information is a tough problem. In this paper, we use attack graph method and construct the protocol vulnerability correlation graph. We also combine the attack target with other information to build the protocol logic attack graph, which is transformed into adjacency matrix. Through the adjacency matrix, we can find and calculate the path of complex attacks and the probability of success and hazard index. The experimental results show that this method can find the correlation among protocol vulnerabilities and can calculate the optimal attack path for protocol vulnerability.


Protocol vulnerability analysis Vulnerability correlation graph Logic attack graph 



This work is supported by China Academy of Engineering Physics Project 2014A0403020 and 2015A0403002.


  1. 1.
    Shi, S.: Research on Formal Verification Methods of Security Protocols. Huazhong University of Science and Technology (2009)Google Scholar
  2. 2.
    Wang, L., Islam, T., Long, T., Singhal, A., Jajodia, S.: An attack graph-based probabilistic security metric. In: Atluri, V. (ed.) DBSec 2008. LNCS, vol. 5094, pp. 283–296. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-70567-3_22 CrossRefGoogle Scholar
  3. 3.
    Zhao, C., Wang, H., Lin, J., et al.: A generation method of network security hardening strategy based on attack graphs. Int. J. Web Serv. Res. 12(1), 45–61 (2015)CrossRefGoogle Scholar
  4. 4.
    Keramati, M., Akbari, A., Keramati, M.: CVSS-based security metrics for quantitative analysis of attack graphs. In: International Conference on Computer and Knowledge Engineering, pp. 178–183. IEEE, Piscataway (2013)Google Scholar
  5. 5.
    Harada, T., Kanaoka, A., Okamoto, E., et al.: Identifying potentially-impacted area by vulnerabilities in networked systems using CVSS. In: 10th International Symposium on Applications and the Internet, pp. 367–370. IEEE, Piscataway (2010)Google Scholar
  6. 6.
    Holm, H., Ekstedt, M., Andersson, D.: Empirical analysis of system-level vulnerability metrics through actual attacks. IEEE Trans. Dependable Secure Comput. 9(6), 825–837 (2012)CrossRefGoogle Scholar
  7. 7.
    Chen, X., Fang, B., Tan, Q., et al.: Inferring attack intent of malicious insider based on probabilistic attack graph model. Chin. J. Comput. 37(1), 62–72 (2014)Google Scholar
  8. 8.
    Liu, G., Zhang, H., Li, Q.: Network security optimal attack and defense decision-making method based on game model. J. Nanjing Univ. Sci. Technol. 38(1), 12–21 (2014)Google Scholar
  9. 9.
    Li, Q., Zhang, L., Zhang, C., Yang, T.: Optimization method for attack graph based on vulnerability exploit correlation. Comput. Eng. 38(21), 129–132 (2012)Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  1. 1.Department of Computer Science and TechnologyHarbin Institute of TechnologyHarbinChina
  2. 2.Institute of Computer ApplicationChina Academy of Engineering PhysicsMianyangChina

Personalised recommendations