Two Formal Analys s of Attack Graphs
نویسندگان
چکیده
An attack graph is a succinct representation of all paths through a system that end in a state where an intruder has successfully achieved his goal. Today Red Teams determine the vulnerability of networked systems by drawing gigantic attack graphs by hand. Constructing attack graphs by hand is tedious, error-prone, and impractical for large systems. By viewing an attack as a violation of a safety property, we can use off-the-shelf model checking technology to produce attack graphs automatically: a successful path from the intruder’s viewpoint is a counterexample produced by the model checker. In this paper we present an algorithm for generating attack graphs using model checking as a sub-
منابع مشابه
A particle swarm optimization algorithm for minimization analysis of cost-sensitive attack graphs
To prevent an exploit, the security analyst must implement a suitable countermeasure. In this paper, we consider cost-sensitive attack graphs (CAGs) for network vulnerability analysis. In these attack graphs, a weight is assigned to each countermeasure to represent the cost of its implementation. There may be multiple countermeasures with different weights for preventing a single exploit. Also,...
متن کاملAn Ant Colony Optimization Algorithm for Network Vulnerability Analysis
Intruders often combine exploits against multiple vulnerabilities in order to break into the system. Each attack scenario is a sequence of exploits launched by an intruder that leads to an undesirable state such as access to a database, service disruption, etc. The collection of possible attack scenarios in a computer network can be represented by a directed graph, called network attack gra...
متن کاملMore Equienergetic Signed Graphs
The energy of signed graph is the sum of the absolute values of the eigenvalues of its adjacency matrix. Two signed graphs are said to be equienergetic if they have same energy. In the literature the construction of equienergetic signed graphs are reported. In this paper we obtain the characteristic polynomial and energy of the join of two signed graphs and thereby we give another construction ...
متن کاملFormal approach on modeling and predicting of software system security: Stochastic petri net
To evaluate and predict component-based software security, a two-dimensional model of software security is proposed by Stochastic Petri Net in this paper. In this approach, the software security is modeled by graphical presentation ability of Petri nets, and the quantitative prediction is provided by the evaluation capability of Stochastic Petri Net and the computing power of Markov chain. Each...
متن کاملGame-Theoretic Algorithms for Optimal Network Security Hardening Using Attack Graphs
In network security hardening a network administrator may need to use limited resources (such as honeypots) to harden a network against possible attacks. Attack graphs are a common formal model used to represent possible attacks. However, most existing works on attack graphs do not consider the reactions of attackers to different defender strategies. We introduce a game-theoretic model of the j...
متن کامل