Algorithm of Attack Graph Generation based on Attack Cost of CVSS

Shaoqiang Wang, Dan Shao, Jianan Wu

Abstract

Attack graph is the network state abstract generated by mathematical analysis. Attack model can help structurally describing and effectively analyzing the course of attack, and attack graph can clearly analyze the attack paths the attacker may take. The analysis of attack graph has wide applications in intrusion detection and network attack warning. In this paper, a algorithm of attack graph generation based on attack cost of CVSS is designed. In the algorithm , attack costs of CVSS are analyzed, the method of time correction and controlling the graph size are adopted. The best attack paths can be effectively doped out and the graph size can be controlled. Experiment validates its veracity and validity.

References

  1. Swiler LP, Phillips C, Gaylor T. A Graph Based Network Vulnerability Analysis System, SAND97-3010/1. Sandia National Laboratories, Albuquerque, NewMexico and Livermore, California, 1998.
  2. Danforth M. Models for Threat Assessment in Networks. University of California-davis, 2006.
  3. Ritchy RW. Efficient Network Attack Graph Generation. George Mason University, 2007.
  4. Templeton S T. A Requires Provides Model for Computer Attacks. Proceedings of the New Security Paradigms Workshop, Cork Ireland, 2000:31-38.
  5. ORTALO R, DESWARTES Y, KAANICHE M. Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Transactions on Software Engineering, 1999, 25(5):633-650.
  6. Ou XM, BoyerWF. A Scalable Approach to Attack Graph Generation. Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006:336-345.
  7. SCHNEIER B. Secrets and Lies. John Wiley and Sons, Creating Secure Systems through Attack Tree Modeling. Resources Red Teaming Articles and Papers, Amenaza Technologies Limited. 2003.
  8. SHEYNER O. Scenario Graphs and Attack Graphs. School of Computer Science Department, Carnegie Mellon University, 2004.
  9. Peter Mell, Karen Scarfone, Sasha Romanosky. A Complete Guide to the Common Vulnerability Scoring System Version 2.0. http://www.first.org/cvss/v2/guide
  10. Li Lingjuan,SUN Guanghui, Research on Algorithm of Generating Network Attack Graph. Computer Technology and Development. 2010.10. (in Chinese).
  11. Chen Feng, Mao handong, Zhang Weiming, Lei Changhai. Survey of Attack Graph Technique. Computer Science. 2011.11. (in Chinese).
  12. Zhang Xi, Huang Shuguang, Xia Yang, Song Shunhong. Attack graph based method for vulnerability risk evaluation. Application Research of Computers. 2010.1. (in Chinese).
  13. Wang Guoyu, Wang Huimei, Chen Zhijie, Xian Ming, Research on Computer Network Attack Modeling Based on Attack Graph. Journal of National University of Defense Technology. 2009.4. (in Chinese).
  14. He Jianghu, Pan Xiaozhong, Algorithm of attack graph generation based on attack cost of vulnerability relations. Application Research of Computers. 2012.5. (in Chinese).
  15. Zhao Fangfang, Chen Xiuzhen, Li Jianhua, Generation Method of Network Attack Graphs Based on Privilege Escalation. Computer Engineering. 2008.12. (in Chinese).
  16. Lu Yuliang, Song Shunhong, Cheng Weiwei, Liu Jinhong, Shi Fan. Analysis of the generation approaches to network attack graphs. Journal of Anhui University (Natural Science Edition). 2010.4. (in Chinese).
Download


Paper Citation


in Harvard Style

Wang S., Shao D. and Wu J. (2015). Algorithm of Attack Graph Generation based on Attack Cost of CVSS . In Proceedings of the Information Science and Management Engineering III - Volume 1: ISME, ISBN 978-989-758-163-2, pages 471-476. DOI: 10.5220/0006028804710476


in Bibtex Style

@conference{isme15,
author={Shaoqiang Wang and Dan Shao and Jianan Wu},
title={Algorithm of Attack Graph Generation based on Attack Cost of CVSS},
booktitle={Proceedings of the Information Science and Management Engineering III - Volume 1: ISME,},
year={2015},
pages={471-476},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006028804710476},
isbn={978-989-758-163-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Information Science and Management Engineering III - Volume 1: ISME,
TI - Algorithm of Attack Graph Generation based on Attack Cost of CVSS
SN - 978-989-758-163-2
AU - Wang S.
AU - Shao D.
AU - Wu J.
PY - 2015
SP - 471
EP - 476
DO - 10.5220/0006028804710476