TY - JOUR
T1 - Ranking intrusion likelihoods with exploitability of network vulnerabilities in a large-scale attack model
AU - Hewett, Rattikorn
AU - Kijsanayothin, Phongphun
PY - 2015
Y1 - 2015
N2 - Network vulnerabilities are common sources of many security threats. Attack models representing chains of all possible vulnerability exploits by attackers can help locate security flaws and pre-determine appropriate preventative measures. To realize the full benefits of attack models, effective analysis is crucial. However, due to the size and complexity of the models, manually pinpointing potential critical attacks can be daunting. Thus, there is a need for an automated analysis approach. Existing techniques are either based on network topology alone or subjective prior knowledge. They do not utilize domain-specific knowledge. This paper presents an approach to automatically ranking states in an attack model in the order of their intrusion likelihoods. Using the degree of exploitability of network vulnerabilities and the Markov property, the proposed approach provides a tractable computation enhanced by domain-specific heuristic knowledge for estimating such likelihoods. The paper discusses the details of the approach, illustrates its use, and compares results with a similar existing technique with experiments on its performance.
KW - Attack graphs
KW - Network security
KW - Network vulnerability
KW - Ranking algorithm
KW - Security models
UR - http://www.scopus.com/inward/record.url?scp=84935456166&partnerID=8YFLogxK
M3 - Article
AN - SCOPUS:84935456166
SN - 1816-353X
VL - 17
SP - 383
EP - 394
JO - International Journal of Network Security
JF - International Journal of Network Security
IS - 4
ER -