Network Security Evaluation Algorithm Based on Access Level Vectors

Abstract

The attack graph, a typical model-based method, is widely used in the field of network security evaluation. The biggest disadvantage of attack graph method is its exponential growth of the state space. This paper presents an efficient algorithm based on the malefactorpsilas access level vector in every host of the network to generate a reduced attack graph in polynomial compute complexity. In this algorithm, the state space is reduced to O(nm), where n is the number of nodes and m is the whole number of vulnerabilities in the network. We also present a standard method to generate attack templates from the vulnerabilities.