Distributed Attack Graph Generation

Abstract

Attack graphs show possible paths that an attacker can use to intrude into a target network and gain privileges through series of vulnerability exploits. The computation of attack graphs suffers from the state explosion problem occurring most notably when the number of vulnerabilities in the target network grows large. Parallel computation of attack graphs can be utilized to attenuate this problem. When employed in online network security evaluation, the computation of attack graphs can be triggered with the correlated intrusion alerts received from sensors scattered throughout the target network. In such cases, distributed computation of attack graphs becomes valuable. This article introduces a parallel and distributed memory-based algorithm that builds vulnerability-based attack graphs on a distributed multi-agent platform. A virtual shared memory abstraction is proposed to be used over such a platform, whose memory pages are initialized by partitioning the network reachability information. We demonstrate the feasibility of parallel distributed computation of attack graphs and show that even a small degree of parallelism can effectively speed up the generation process as the problem size grows. We also introduce a rich attack template and network model in order to form chains of vulnerability exploits in attack graphs more precisely.

@ARTICLE{7087377, 
author={Kaynar, K. and Sivrikaya, F.}, 
journal={Dependable and Secure Computing, IEEE Transactions on}, 
title={Distributed Attack Graph Generation}, 
year={2015}, 
month={}, 
volume={PP}, 
number={99}, 
pages={1-1}, 
keywords={Buildings;Computational modeling;Databases;Explosions;Search problems;Security;Software;attack graph;distributed computing;exploit;reachability;vulnerability;weakness}, 
doi={10.1109/TDSC.2015.2423682}, 
ISSN={1545-5971},}
Autoren:
Kerem Kaynar, Fikret Sivrikaya
Kategorie:
Journal
Jahr:
2015
Ort:
IEEE Transactions on Dependable and Secure Computing