An Attack Graph Based Risk Management Approach of an Enterprise LAN

In today’s large complex enterprise network, security is a challenging task for most of the administrators. The typical means by which an attacker breaks into a network is through a series of exploits, where each exploit in the series satisfies the precondition for subsequent exploits and makes a causal relationship among them. Such a series of exploits constitutes an attack path and the set of all possible attack paths form an attack graph. Even the well administered networks are susceptible to such attacks as present day vulnerability scanners are only able to identify the vulnerabilities in isolation but there is a need for logical formalism and correlation among these vulnerabilities within a host or across multiple hosts to identify overall risk of the network. In this paper we propose a novel approach by map this problem in artificial intelligence domain and find out an attack path consisting of logically connected exploits, which essentially shows the minimum number of exploits required to gain access over a critical network resource. The solution is further extended to form an attack graph and find out the set of vulnerabilities which are the root cause for overall security threat towards enterprise network. The inherent time and scalability problem of attack graph generation is also taken care of in this approach. Once the set of vulnerabilities has been identified for rectification, the network administrator can then prioritize the vulnerability rectification procedure to make the network secure.