An Atomic-Domains-Based Approach for Attack Graph Generation

An attack graph is an integral part of modeling the overall security state of a network. System administrators use attack graphs to determine how vulnerable their systems are and what security measures to deploy to defend them. Previous methods for AGG (attack graph generation) operate on the whole network at once, which makes the process complex and non-scalable. In this paper, we propose a simple and scalable approach to AGG that decomposes the whole network into atomic domains. Each atomic domain represents a host with a specific privilege. AGG is then achieved through communication among the atomic domains. Our approach simplifies the design process for the whole network, yields attack graphs that include every attack path for each host, and, when the network changes, requires only re-running the operations of the affected atomic domains, which makes AGG scalable.
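As an added illustration (not the paper's own code or model), the following Python sketch shows how atomic domains modelled as (host, privilege) nodes can generate an attack graph by exchanging reachability information, and how a network change is handled by editing only the affected host's domain before regenerating; the class, function names and the three-host sample network are this example's own assumptions.

```python
from collections import deque
from typing import Dict, List, Set, Tuple

# Assumed model (illustration only): an atomic domain = one host at one privilege.
Domain = Tuple[str, str]  # (host, privilege)

class AtomicDomain:
    def __init__(self, host: str, privilege: str) -> None:
        self.key: Domain = (host, privilege)
        self.reach: Dict[Domain, str] = {}  # next domain -> step label
    def connect(self, nxt: Domain, step: str) -> None:
        self.reach[nxt] = step
    def disconnect(self, nxt: Domain) -> None:  # e.g. after the host is patched
        self.reach.pop(nxt, None)

def generate_attack_graph(domains: Dict[Domain, AtomicDomain],
                          start: Domain) -> Set[Tuple[Domain, Domain, str]]:
    """Each (from, to, step) reached from the attacker's start domain is an edge."""
    edges, seen, queue = set(), {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt, step in domains[cur].reach.items():
            edges.add((cur, nxt, step))
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return edges

def attack_paths(edges, start: Domain, target: Domain) -> List[List[Domain]]:
    """All simple paths (no repeated domain) from start to target."""
    succ: Dict[Domain, List[Domain]] = {}
    for src, dst, _ in edges:
        succ.setdefault(src, []).append(dst)
    paths, stack = [], [[start]]
    while stack:
        path = stack.pop()
        if path[-1] == target:
            paths.append(path)
        stack.extend(path + [n] for n in succ.get(path[-1], []) if n not in path)
    return sorted(paths)

def build_sample() -> Dict[Domain, AtomicDomain]:
    # Constructed three-host network (attacker, web, db); steps are labels only.
    keys = [("attacker", "user"), ("web", "user"), ("web", "root"), ("db", "root")]
    d = {k: AtomicDomain(*k) for k in keys}
    d[("attacker", "user")].connect(("web", "user"), "remote service flaw on web")
    d[("web", "user")].connect(("web", "root"), "local privilege escalation on web")
    d[("web", "user")].connect(("db", "root"), "db trusts web's service account")
    d[("web", "root")].connect(("db", "root"), "db admin credentials stored on web")
    return d
```

Removing the privilege-escalation step on the web host touches only the ("web", "user") domain; regenerating from the attacker's domain then yields a single path to the database.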
