Two Scalable Approaches to Analyzing Network Security Using Compact Attack Graphs

被引:0
|
作者
Chen, Feng [1 ]
Tu, Ri [1 ]
Zhang, Yi [1 ]
Su, Jinshu [1 ]
机构
[1] NUDT, Sch Comp, Changsha, Hunan, Peoples R China
来源
IEEC 2009: FIRST INTERNATIONAL SYMPOSIUM ON INFORMATION ENGINEERING AND ELECTRONIC COMMERCE, PROCEEDINGS | 2009年
关键词
attack graphs; security measure; scalable;
D O I
10.1109/IEEC.2009.24
中图分类号
TP [自动化技术、计算机技术];
学科分类号
0812 ;
摘要
The compact attack graphs can implicitly reveal the potential threat of sophisticated multi-step attacks by enumerating possible sequences of exploits leading to the compromising given critical resources in enterprise networks with thousands of hosts. For security analysts, the challenge is how to analyze the complex attack graphs with possible ten thousands of nodes for defending the security of network. In the paper, we will essentially discuss two issues about it. The first is to compute non-loop attack paths with the distance less than the given number that the real attacker may take in realistic attack scenarios. The second is how to measure security risk. Two scalable approaches are proposed to solve the above two issues respectively. These approaches are proved to have a polynomial time complexity and can scale to the attack graphs with ten thousands of nodes corresponding to large enterprise networks.
引用
收藏
页码:90 / 94
页数:5
相关论文
共 50 条
  • [1] Two Scalable Analyses of Compact Attack Graphs for Defending Network Security
    Chen, Feng
    Tu, Ri
    Zhang, Yi
    Su, Jinshu
    NSWCTC 2009: INTERNATIONAL CONFERENCE ON NETWORKS SECURITY, WIRELESS COMMUNICATIONS AND TRUSTED COMPUTING, VOL 1, PROCEEDINGS, 2009, : 627 - 632
  • [2] Toward Measuring Network Security Using Attack Graphs
    Wang, Lingyu
    Singhal, Anoop
    Jajodia, Sushil
    QOP'07: PROCEEDINGS OF THE 2007 ACM WORKSHOP ON QUALITY OF PROTECTION, 2007, : 49 - 54
  • [3] Analyzing Network Security using Malefactor Action Graphs
    Kotenko, Igor
    Stepashkin, Mikhail
    INTERNATIONAL JOURNAL OF COMPUTER SCIENCE AND NETWORK SECURITY, 2006, 6 (06): : 226 - 235
  • [4] Evaluating Network Security With Two-layer Attack Graphs
    Xie, Anming
    Cai, Zhuhua
    Tang, Cong
    Hu, Jianbin
    Chen, Zhong
    25TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE, 2009, : 127 - +
  • [5] A Method for Analyzing EPC Entity Security Threats by Using Attack Graphs
    Chen, Zhinan
    Peng, Jianhua
    Peng, Caixia
    PROCEEDINGS OF 2013 IEEE 4TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING AND SERVICE SCIENCE (ICSESS), 2012, : 981 - 984
  • [6] Analyzing the Security in the GSM Radio Network Using Attack Jungles
    Abdulla, Parosh Aziz
    Cederberg, Jonathan
    Kaati, Lisa
    LEVERAGING APPLICATIONS OF FORMAL METHODS, VERIFICATION, AND VALIDATION, PT I, 2010, 6415 : 60 - +
  • [7] A Flexible Approach to Measuring Network Security Using Attack Graphs
    Chen Feng
    Su Jin-Shu
    PROCEEDINGS OF THE INTERNATIONAL SYMPOSIUM ON ELECTRONIC COMMERCE AND SECURITY, 2008, : 426 - 431
  • [8] Measuring the overall security of network configurations using attack graphs
    Wang, Lingyu
    Singhal, Anoop
    Jajodia, Sushil
    DATA AND APPLICATIONS SECURITY XXI, PROCEEDINGS, 2007, 4602 : 98 - +
  • [9] Applying Attack Graphs to Network Security Metric
    Xie, Anming
    Wen, Weiping
    Zhang, Li
    Hu, Jianbin
    Chen, Zhong
    MINES 2009: FIRST INTERNATIONAL CONFERENCE ON MULTIMEDIA INFORMATION NETWORKING AND SECURITY, VOL 1, PROCEEDINGS, 2009, : 427 - +
  • [10] Analyzing The Security of The Cache Side Channel Defences With Attack Graphs
    Wang, Limin
    Zhu, Ziyuan
    Wang, Zhanpeng
    Meng, Dan
    2020 25TH ASIA AND SOUTH PACIFIC DESIGN AUTOMATION CONFERENCE, ASP-DAC 2020, 2020, : 50 - 55
12345