An Atomic-Domains-Based Approach for Attack Graph Generation

Abstract

Attack graph is an integral part of modeling the overview of network security. System administrators use attack graphs to determine how vulnerable their systems are and to determine what security measures to deploy to defend their systems. Previous methods on AGG(attack graphs generation) are aiming at the whole network, which makes the process of AGG complex and non-scalable. In this paper, we propose a new approach which is simple and scalable to AGG by decomposing the whole network into atomic domains. Each atomic domain represents a host with a specific privilege. Then the process for AGG is achieved by communications among all the atomic domains. Our approach simplifies the process of design for the whole network, and can gives the attack graphs including each attack path for each host, and when the network changes we just carry on the operations of corresponding atomic domains which makes the process of AGG scalable. Keywords—atomic domain,vulnerability, attack graphs, generation, computer security

9 Figures and Tables

Cite this paper

@inproceedings{Chen2009AnAA, title={An Atomic-Domains-Based Approach for Attack Graph Generation}, author={Fangfang Chen and Chunlu Wang and Zhihong Tian and Shuyuan Jin and Tianle Zhang}, year={2009} }