A Scalable Approach to Full Attack Graphs Generation

  • Conference paper
Engineering Secure Software and Systems (ESSoS 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5429))

Abstract

Attack graphs are valuable vulnerability analysis tools for network defenders and can be classified into two kinds by application. Partial attack graphs illustrate the potential interrelations among only those known vulnerabilities that are related to a given attack goal in the targeted network, whereas full attack graphs evaluate the potential interrelations among all known vulnerabilities in the targeted network. Previous approaches to generating full attack graphs suffer from two issues: one is an effective modeling language for full attack graph generation, and the other is scalability to large enterprise networks. In this paper, we first present a novel conceptual model for full attack graph generation that introduces attack patterns to simplify the process of modeling the attacker. Second, we propose a formal modeling language, VAML, to describe the various elements of the conceptual model. Third, based on VAML, we put forward a scalable approach to generating full attack graphs. The prototype system CAVS has been tested on an operational network with over 150 hosts. We have explored the system's scalability by evaluating simulated networks with up to one thousand hosts and various topologies. The experimental results show that the approach can be applied to large networks.
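To make the distinction between a full and a partial attack graph concrete, the following added example (not code from the paper, and not VAML or CAVS) uses a simplified requires/provides style model on a constructed three-host network: a forward-chaining fixed point builds the full graph over every modeled vulnerability, and a backward slice of that graph yields the partial graph for one chosen goal. The monotonicity assumption (an attacker never loses a privilege) is what keeps the full-graph construction polynomial, which is the scalability property the paper is after.

```python
# Constructed toy model (assumption: simplified requires/provides rules, not VAML).
# Facts are strings; a rule fires when all preconditions hold and adds one postcondition.
INITIAL_FACTS = {"attacker@internet", "reach(internet,web)", "reach(web,db)",
                 "vuln(web,VULN-A)", "vuln(db,VULN-B)", "vuln(db,VULN-C)"}

# (rule name, preconditions, postcondition); VULN-* are placeholder identifiers.
RULES = [
    ("exploit_web", {"attacker@internet", "reach(internet,web)", "vuln(web,VULN-A)"}, "user@web"),
    ("exploit_db",  {"user@web", "reach(web,db)", "vuln(db,VULN-B)"}, "user@db"),
    ("privesc_db",  {"user@db", "vuln(db,VULN-C)"}, "root@db"),
    ("exploit_mail", {"user@web", "vuln(mail,VULN-D)"}, "user@mail"),  # never enabled here
]

def full_attack_graph(initial, rules):
    """Forward-chain to a fixed point over ALL rules (no goal). Because privileges
    are monotonic, each rule fires at most once, so the loop is polynomial."""
    facts, edges, fired, changed = set(initial), [], set(), True
    while changed:
        changed = False
        for name, pre, post in rules:
            if name in fired or not pre <= facts:
                continue
            fired.add(name)
            edges.extend((p, name, post) for p in pre)  # precondition -> rule -> postcondition
            if post not in facts:
                facts.add(post)
                changed = True
    return facts, edges

def partial_attack_graph(edges, goal):
    """Backward slice of the full graph: keep only the rules and facts from which
    `goal` is derivable, i.e. the goal-directed partial attack graph."""
    producers = {}                                   # fact -> rules that produce it
    for _, name, post in edges:
        producers.setdefault(post, set()).add(name)
    kept_rules, seen, todo = set(), {goal}, [goal]
    while todo:
        fact = todo.pop()
        for name in producers.get(fact, ()):
            kept_rules.add(name)
            for pre, n, _ in edges:
                if n == name and pre not in seen:
                    seen.add(pre)
                    todo.append(pre)
    return kept_rules, seen

if __name__ == "__main__":
    facts, edges = full_attack_graph(INITIAL_FACTS, RULES)
    print("full graph rules:", sorted({e[1] for e in edges}))
    print("partial graph for root@db:", sorted(partial_attack_graph(edges, "root@db")[0]))
```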

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Chen, F., Su, J., Zhang, Y. (2009). A Scalable Approach to Full Attack Graphs Generation. In: Massacci, F., Redwine, S.T., Zannone, N. (eds) Engineering Secure Software and Systems. ESSoS 2009. Lecture Notes in Computer Science, vol 5429. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00199-4_13

  • DOI: https://doi.org/10.1007/978-3-642-00199-4_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-00198-7

  • Online ISBN: 978-3-642-00199-4

  • eBook Packages: Computer Science, Computer Science (R0)
