SECURWARE 2017, The Eleventh International Conference on Emerging Security Information, Systems and Technologies


Attack Maze for Network Vulnerability Analysis

Authors:
Stanley Chow

Keywords: Network security; vulnerability analysis; scalable; vulnerability; exploit; maximum incursion; cyber security; metric; security metric; mission dependency

Abstract:
Even a well-administered computer network will be vulnerable to attacks. There have been many proposals in the literature to address the problem of Network-Vulnerability Analysis. One approach is to generate an attack graph (a logical graph representation of all possible sequences of vulnerabilities) using some formal model. Attack graphs suffer from scalability issues as the size of the network or the number of services and vulnerabilities increases. This paper presents a new approach that treats the network as a maze, which the attacker has to solve. We then use the classical way to solve mazes in computer games – remembering where we have been by dropping things at each node. We present a graph-based algorithm to solve this maze and compute the Maximum Possible Incursion (MPI) for a given set of attackers or compromises. The developed simple breadth-first algorithm provides performance improvements over previous approaches (less than a minute to analyze a network with over 10,000 nodes). We also present a methodology to capture mission dependency, which represents how a mission relies on the underlying network. Finally, we compute an extensible set of security metrics that identify the current network status in multiple dimensions (e.g., Confidentiality, Integrity, and Availability). We also discuss future work to enumerate the specific attack paths that could be used to generate corrective recommendations.

Pages: 58 to 64

Copyright: Copyright (c) IARIA, 2017

Publication date: September 10, 2017

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-582-1

Location: Rome, Italy

Dates: from September 10, 2017 to September 14, 2017