Proceedings Article10.1109/DISCEX.2001.932182
Computer-attack graph generation tool
Laura Painton Swiler,Cynthia A. Phillips,D. Ellis,S. Chakerian +3 more
- 12 Jun 2001
- Vol. 2, pp 307-321
388
TL;DR: The status of the tool is presented and implementation issues are discussed, especially focusing on the data input needs and methods for eliminating redundant paths and nodes in the graph.
read more
Abstract: This paper presents a tool for assessment of security attributes and vulnerabilities in computer networks. The tool generates attack graphs (Phillips and Swiler, 1998). Each node in the attack graph represents a possible attack state. Edges represent a change of state caused by a single action taken by the attacker or unwitting assistant, and are weighted by some metric (such as attacker effort or time to succeed). Generation of the attack graph requires algorithms that match information about attack requirements (specified in attack templates) to information about the network configuration and assumed attacker capabilities (attacker profile). The set of near-optimal shortest paths indicates the most exploitable components of the system configuration. This paper presents the status of the tool and discusses implementation issues, especially focusing on the data input needs and methods for eliminating redundant paths and nodes in the graph.
read more
Chat with Paper
AI Agents for this Paper
Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps
Citations
Automated generation and analysis of attack graphs
Oleg Sheyner,J.W. Haines,Somesh Jha,Richard P. Lippmann,Jeannette M. Wing +4 more
- 12 May 2002
TL;DR: This paper presents an automated technique for generating and analyzing attack graphs, based on symbolic model checking algorithms, letting us construct attack graphs automatically and efficiently.
1.4K
Scalable, graph-based network vulnerability analysis
Paul Ammann,Duminda Wijesekera,Saket Kaushik +2 more
- 18 Nov 2002
TL;DR: This paper revisits the idea of attack graphs themselves, and argues that they represent more information explicitly than is necessary for the analyst, and proposes a more compact and scalable representation.
A scalable approach to attack graph generation
Xinming Ou,Wayne F. Boyer,Miles McQueen +2 more
- 30 Oct 2006
TL;DR: This paper proposes logical attack graphs, which directly illustrate logical dependencies among attack goals and configuration information, and shows experimental evidence that the logical attack graph generation algorithm is very efficient.
689
Dynamic Security Risk Management Using Bayesian Attack Graphs
TL;DR: This paper proposes a risk management framework using Bayesian networks that enable a system administrator to quantify the chances of network compromise at various levels and shows how to use this information to develop a security mitigation and management plan.
650
Foundations of attack trees
Sjouke Mauw,Martijn Oostdijk +1 more
- 01 Dec 2005
TL;DR: A denotational semantics is provided, based on a mapping to attack suites, which abstracts from the internal structure of an attack tree, which is indispensable to precisely understand how attack trees can be manipulated during construction and analysis.
553
References
•Book
Introduction to Algorithms
Thomas H. Cormen,Charles E. Leiserson,Ronald L. Rivest +2 more
- 01 Jan 1990
TL;DR: The updated new edition of the classic Introduction to Algorithms is intended primarily for use in undergraduate or graduate courses in algorithms or data structures and presents a rich variety of algorithms and covers them in considerable depth while making their design and analysis accessible to all levels of readers.
24.8K
A graph-based system for network-vulnerability analysis
Cynthia A. Phillips,Laura Painton Swiler +1 more
- 01 Jan 1998
TL;DR: A graph-based tool can identify the set of attack paths that have a high probability of success (or a low effort cost) for the attacker, and is used to test the effectiveness of making configuration changes, implementing an intrusion detection system, etc.
Models and tools for quantitative assessment of operational security
Marc Dacier,Yves Deswarte,M. Kaâniche +2 more
- 15 Dec 1996
TL;DR: This paper proposes a novel approach to help computing system administrators in monitoring the security of their systems based on modeling the system as a privilege graph exhibiting operational security vulnerabilities and transforming this privilege graph into a Markov chain corresponding to all possible successful attack scenarios.
Quantitative Assessment of Operational Security: Models and Tools *
Marc Dacier,Yves Deswarte Mohamed Kaâniche +1 more
- 01 Jan 1996
TL;DR: This paper develops an approach to evaluate the security of operational computing systems based on modeling the system as a privilege graph exhibiting operational security vulnerabilities and on transforming this privilege graph into a Markov chain corresponding to all possibles successful attack scenarios.
118
An insecurity flow model
Ira S. Moskowitz,Myong H. Kang +1 more
- 01 Jan 1998
TL;DR: A new way of looking at security violations, called insecurity flow, is examined, which is expressed via a formal mathematical model that combines elements of graph theory and discrete probability.
Related Papers (5)
Cynthia A. Phillips,Laura Painton Swiler +1 more
- 01 Jan 1998
Paul Ammann,Duminda Wijesekera,Saket Kaushik +2 more
- 18 Nov 2002
Ronald W. Ritchey,Paul Ammann +1 more
- 14 May 2000
Somesh Jha,Oleg Sheyner,Jeannette M. Wing +2 more
- 24 Jun 2002