Automated generation and analysis of attack graphs
- 24 August 2005
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
An integral part of modeling the global view of network security is constructing attack graphs. In practice, attack graphs are produced manually by Red Teams. Construction by hand, however, is tedious, error-prone, and impractical for attack graphs larger than a hundred nodes. In this paper we present an automated technique for generating and analyzing attack graphs. We base our technique on symbolic model checking algorithms, letting us construct attack graphs automatically and efficiently. We also describe two analyses to help decide which attacks would be most cost-effective to guard against. We implemented our technique in a tool suite and tested it on a small network example, which includes models of a firewall and an intrusion detection system.
This publication has 8 references indexed in Scilit:
- A requires/provides model for computer attacks. Published by Association for Computing Machinery (ACM), 2001
- LAMBDA: A Language to Model a Database for Detection of Attacks. Lecture Notes in Computer Science, 2000
- NetSTAT: A network-based intrusion detection system. Journal of Computer Security, 1999
- Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Transactions on Software Engineering, 1999
- A graph-based system for network-vulnerability analysis. Published by Association for Computing Machinery (ACM), 1998
- Markov Decision Processes. Wiley Series in Probability and Statistics, 1994
- Symbolic model checking: 10^20 States and beyond. Information and Computation, 1992
- Graph-Based Algorithms for Boolean Function Manipulation. IEEE Transactions on Computers, 1986