A Graph-Based Network-Vulnerability Analysis System
نویسندگان
چکیده
This report presents a graph-based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences following a successful attack. The analysis system requires as input a database of common attacks, broken into atomic steps, specific network configuration and topology information, and an attacker profile. The attack information is “matched” with the network configuration information and an attacker profile to create a superset attack graph. Nodes identify a stage of attack, for example the class of machines the attacker has accessed and the user privilege level he or she has compromised. The arcs in the attack graph represent attacks or stages of attacks. By assigning probabilities of success on the arcs or costs representing level-of-effort for the attacker, various graph algorithms such as shortest-path algorithms can identify the attack paths with the highest probability of success.
منابع مشابه
An Ant Colony Optimization Algorithm for Network Vulnerability Analysis
Intruders often combine exploits against multiple vulnerabilities in order to break into the system. Each attack scenario is a sequence of exploits launched by an intruder that leads to an undesirable state such as access to a database, service disruption, etc. The collection of possible attack scenarios in a computer network can be represented by a directed graph, called network attack gra...
متن کاملTowards a measure of vulnerability, tenacity of a Graph
If we think of the graph as modeling a network, the vulnerability measure the resistance of the network to disruption of operation after the failure of certain stations or communication links. Many graph theoretical parameters have been used to describe the vulnerability of communication networks, including connectivity, integrity, toughness, binding number and tenacity.In this paper we discuss...
متن کاملA Survey On the Vulnerability Parameters of Networks
The analysis of vulnerability in networks generally involves some questions about how the underlying graph is connected. One is naturally interested in studying the types of disruption in the network that maybe caused by failures of certain links or nodes. In terms of a graph, the concept of connectedness is used in dierent forms to study many of the measures of vulnerability. When certain vert...
متن کاملVULNERABILITY ASSESSMENT OF WATER DISTRIBUTION NETWORKS: GRAPH THEORY METHOD
The main functional purpose of a water distribution network is to transport water from a source to several domestic and industrial units while at the same time satisfying various requirements on hydraulic response. All the water distribution networks perform two basic operations: firstly the water network needs to deliver adequate amounts of water to meet specific requirements, and secondly the...
متن کاململزومات امنیتی پیادهسازی IMS SIP سرور امن
IMS (IP Multimedia Subsystem) network is considered as an NGN (Next Generation Network) core networks by ETSI. Decomposition of IMS core network has resulted in a rapid increase of control and signaling message that makes security a required capability for IMS commercialization. The control messages are transmitted using SIP (Session Initiation Protocol) which is an application layer protocol. ...
متن کاملEdge-tenacity in Networks
Numerous networks as, for example, road networks, electrical networks and communication networks can be modeled by a graph. Many attempts have been made to determine how well such a network is "connected" or stated differently how much effort is required to break down communication in the system between at least some nodes. Two well-known measures that indicate how "reliable" a graph is are the...
متن کامل