Automated generation and analysis of attack graphs

@article{Sheyner2002AutomatedGA,
  title={Automated generation and analysis of attack graphs},
  author={Oleg Sheyner and Joshua W. Haines and Somesh Jha and Richard Lippmann and Jeannette M. Wing},
  journal={Proceedings 2002 IEEE Symposium on Security and Privacy},
  year={2002},
  pages={273-284}
}
An integral part of modeling the global view of network security is constructing attack graphs. Manual attack graph construction is tedious, error-prone, and impractical for attack graphs larger than a hundred nodes. In this paper we present an automated technique for generating and analyzing attack graphs. We base our technique on symbolic model checking algorithms, letting us construct attack graphs automatically and efficiently. We also describe two analyses to help decide which attacks… 

Attack graph generation and analysis
TLDR
This talk presents a technique, based on model checking, for generating attack graphs automatically and describes different analyses that system administrators can perform in trading off one security measure for another or in using attack graphs in intrusion detection.
Tools for Generating and Analyzing Attack Graphs
TLDR
This paper takes network attack models as input to attack graph tools to generate attack graphs automatically and to analyze system vulnerabilities and presents details of an example to illustrate how these models are specified and analyzed.
A scalable approach to attack graph generation
TLDR
This paper proposes logical attack graphs, which directly illustrate logical dependencies among attack goals and configuration information, and shows experimental evidence that the logical attack graph generation algorithm is very efficient.
Two formal analyses of attack graphs
TLDR
This paper presents an algorithm for generating attack graphs using model checking as a subroutine, and provides a formal characterization of this problem, proving that it is polynomially equivalent to the minimum hitting set problem and presenting a greedy algorithm with provable bounds.
Minimization and Reliability Analyses of Attack Graphs
TLDR
This paper presents a minimization technique that allows analysts to decide which minimal set of security measures would guarantee the safety of the system, and provides a formal characterization of this problem and proves that it is polynomially equivalent to the minimum hitting set problem.
Topological Analysis of Multi-phase Attacks using Expert Systems
TLDR
A general logic-based framework for modeling network configurations and topologies is presented and a number of important and wide-spread network vulnerabilities are modeled as general inference rules based on the framework definitions.
Rule-Based Topological Vulnerability Analysis
TLDR
This paper represents individual attacks as the transition rules of a rule-based system, considers arbitrary nonmonotonic rulesets, and presents a series of optimizations that allow vulnerability assessment to be performed efficiently in most practical cases.
Scalable Attack Representation Model Using Logic Reduction Techniques
TLDR
Two logic reduction techniques are proposed to automate AT construction and to reduce the size of the AT, and their computational complexity is calculated.
Ranking Attack Graphs
TLDR
This work proposes two algorithms to rank states of an Attack Graph based on the probability of an attacker reaching those states, similar to the PageRank algorithm used by Google to measure importance of web pages on the World Wide Web.
