A New Method to Generate Attack Graphs

Anming Xie; Zhong Chen; Jianbin Hu; Guodong Chen; Yonggang Wang

doi:10.1109/SSIRI.2009.32

	This Article
	Subscribers, please Login Purchase article: $19 PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/EndNote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Anming Xie Articles by Guodong Chen Articles by Yonggang Wang Articles by Zhong Chen Articles by Jianbin Hu

2009 Third IEEE International Conference on Secure Software Integration and Reliability Improvement

A New Method to Generate Attack Graphs

Shanghai, China

July 08-July 10

ISBN: 978-0-7695-3758-0

	ASCII Text	x
	Anming Xie, Guodong Chen, Yonggang Wang, Zhong Chen, Jianbin Hu, "A New Method to Generate Attack Graphs," Secure System Integration and Reliability Improvement, pp. 401-406, 2009 Third IEEE International Conference on Secure Software Integration and Reliability Improvement, 2009.

	BibTex	x
	@article{ 10.1109/SSIRI.2009.32, author = {Anming Xie and Guodong Chen and Yonggang Wang and Zhong Chen and Jianbin Hu}, title = {A New Method to Generate Attack Graphs}, journal ={Secure System Integration and Reliability Improvement}, volume = {0}, year = {2009}, isbn = {978-0-7695-3758-0}, pages = {401-406}, doi = {http://doi.ieeecomputersociety.org/10.1109/SSIRI.2009.32}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Secure System Integration and Reliability Improvement TI - A New Method to Generate Attack Graphs SN - 978-0-7695-3758-0 SP401 EP406 A1 - Anming Xie, A1 - Guodong Chen, A1 - Yonggang Wang, A1 - Zhong Chen, A1 - Jianbin Hu, PY - 2009 KW - network security KW - attack graphs KW - host access graph KW - sub-attack graph VL - 0 JA - Secure System Integration and Reliability Improvement ER -

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/SSIRI.2009.32

To address the scalability problem in attack graphs generation, we propose a novel method to generate attack graphs automatically. Our approach constructs a two- tier attack graph framework, which includes a host access graph and some sub-attack graphs. A sub-attack graph describes concrete attack scenarios from one source host to one target host, while the host access graph describes the attacker’s privilege transition among hosts. Our sub-attack graphs and host access graph have remarkable smaller scales and can help network administrators to find the key hosts in attack sequences. Analysis shows that the upper bound computational cost of our model is O(N3), which could also be competed in real time. The following experiment validates our approach.

Index Terms:

network security, attack graphs, host access graph, sub-attack graph

Citation:

Anming Xie, Guodong Chen, Yonggang Wang, Zhong Chen, Jianbin Hu, "A New Method to Generate Attack Graphs," ssiri, pp.401-406, 2009 Third IEEE International Conference on Secure Software Integration and Reliability Improvement, 2009

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.