TY - GEN
T1 - Analytical approach to attack graph analysis for network security
AU - Kijsanayothin, Phongphun
AU - Hewett, Rattikorn
PY - 2010
Y1 - 2010
N2 - An attack graph increasingly plays an important role in network security. It shows possible paths of actions consisting of the network vulnerability exploits that can lead to security breaches. Because most attack graphs are very large and complex, much research has focused on how these graphs can be automatically and efficiently generated. However, little has been done on attack graph analysis, namely how we can use attack graphs to better protect the network. This paper addresses the latter issue. We present a suite of systematic approaches to statically analyzing attack graphs by means of reasoning mechanisms based on logical expressions and conditional preference networks. The proposed approaches are general and theoretically grounded. The paper describes the approaches in detail. We show how the resulting analysis can help derive many useful decisions. For example, it can assist a security administrator in selecting the most cost-effective countermeasures, based on his preference criteria, to improve the security flaws found in the attack graph. For understandability, we illustrate our approach by presenting a study of a simple and small but realistic case scenario.
AB - An attack graph increasingly plays an important role in network security. It shows possible paths of actions consisting of the network vulnerability exploits that can lead to security breaches. Because most attack graphs are very large and complex, much research has focused on how these graphs can be automatically and efficiently generated. However, little has been done on attack graph analysis, namely how we can use attack graphs to better protect the network. This paper addresses the latter issue. We present a suite of systematic approaches to statically analyzing attack graphs by means of reasoning mechanisms based on logical expressions and conditional preference networks. The proposed approaches are general and theoretically grounded. The paper describes the approaches in detail. We show how the resulting analysis can help derive many useful decisions. For example, it can assist a security administrator in selecting the most cost-effective countermeasures, based on his preference criteria, to improve the security flaws found in the attack graph. For understandability, we illustrate our approach by presenting a study of a simple and small but realistic case scenario.
KW - Attack graphs
KW - Conditional preference networks
KW - Decision support systems
KW - Network security
UR - http://www.scopus.com/inward/record.url?scp=77952351300&partnerID=8YFLogxK
U2 - 10.1109/ARES.2010.21
DO - 10.1109/ARES.2010.21
M3 - Conference contribution
AN - SCOPUS:77952351300
SN - 9780769539652
T3 - ARES 2010 - 5th International Conference on Availability, Reliability, and Security
SP - 25
EP - 32
BT - ARES 2010 - 5th International Conference on Availability, Reliability, and Security
Y2 - 15 February 2010 through 18 February 2010
ER -