Automated generation and analysis of attack graphs

Top Cited Papers

24 August 2005

conference paper
conference paper
Published by Institute of Electrical and Electronics Engineers (IEEE)

Abstract

An integral part of modeling the global view of network security isconstructing attack graphs.In practice, attack graphs areproduced manually by Red Teams.Construction by hand, however, istedious, error-prone, and impractical for attack graphs larger than ahundred nodes.In this paper we present an automated technique forgenerating and analyzing attack graphs.We base our technique onsymbolic model checking algorithms,letting us construct attack graphs automatically and efficiently.Wealso describe two analyses to help decide which attacks would be mostcost-effective to guard against.We implemented our technique in atool suite and tested it on a small network example, which includesmodels of a firewall and an intrusion detection system.

Keywords

This publication has 8 references indexed in Scilit:

A requires/provides model for computer attacks
Published by Association for Computing Machinery (ACM) ,2001
LAMBDA: A Language to Model a Database for Detection of Attacks
Lecture Notes in Computer Science, 2000
NetSTAT: A network-based intrusion detection system
Journal of Computer Security, 1999
Experimenting with quantitative evaluation tools for monitoring operational security
IEEE Transactions on Software Engineering, 1999
A graph-based system for network-vulnerability analysis
Published by Association for Computing Machinery (ACM) ,1998
Markov Decision Processes
Wiley Series in Probability and Statistics, 1994
Symbolic model checking: 1020 States and beyond
Information and Computation, 1992
Graph-Based Algorithms for Boolean Function Manipulation
IEEE Transactions on Computers, 1986

Cited by 523 articles