A host-based approach to network attack chaining analysis

21st Annual Computer Security Applications Conference (ACSAC'05) Pub Date : 2005-12-05 DOI:10.1109/CSAC.2005.6

P. Ammann, J. Pamula, Julie A. Street, Ronald W. Ritchey

{"title":"A host-based approach to network attack chaining analysis","authors":"P. Ammann, J. Pamula, Julie A. Street, Ronald W. Ritchey","doi":"10.1109/CSAC.2005.6","DOIUrl":null,"url":null,"abstract":"The typical means by which an attacker breaks into a network is through a chain of exploits, where each exploit in the chain lays the groundwork for subsequent exploits. Such a chain is called an attack path, and the set of all possible attack paths form an attack graph. Researchers have proposed a variety of methods to generate attack graphs. In this paper, we provide a novel alternative approach to network vulnerability analysis by utilizing a penetration tester's perspective of maximal level of penetration possible on a host. Our approach has the following benefits: it provides a more intuitive model in which an analyst can work, and its algorithmic complexity is polynomial in the size of the network, and so has the potential of scaling well to practical networks. The drawback is that we track only \"good\" attack paths, as opposed to all possible attack paths. Hence, an analyst may make suboptimal choices when repairing the network. Since attack graphs grow exponentially with the size of the network, we argue that suboptimal solutions are an unavoidable cost of scalability, and hence practical utility. A working prototype tool has been implemented to demonstrate the practicality of our approach","PeriodicalId":422994,"journal":{"name":"21st Annual Computer Security Applications Conference (ACSAC'05)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2005-12-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"104","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"21st Annual Computer Security Applications Conference (ACSAC'05)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSAC.2005.6","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 104

Abstract

The typical means by which an attacker breaks into a network is through a chain of exploits, where each exploit in the chain lays the groundwork for subsequent exploits. Such a chain is called an attack path, and the set of all possible attack paths form an attack graph. Researchers have proposed a variety of methods to generate attack graphs. In this paper, we provide a novel alternative approach to network vulnerability analysis by utilizing a penetration tester's perspective of maximal level of penetration possible on a host. Our approach has the following benefits: it provides a more intuitive model in which an analyst can work, and its algorithmic complexity is polynomial in the size of the network, and so has the potential of scaling well to practical networks. The drawback is that we track only "good" attack paths, as opposed to all possible attack paths. Hence, an analyst may make suboptimal choices when repairing the network. Since attack graphs grow exponentially with the size of the network, we argue that suboptimal solutions are an unavoidable cost of scalability, and hence practical utility. A working prototype tool has been implemented to demonstrate the practicality of our approach

查看原文本刊更多论文

基于主机的网络攻击链分析方法

攻击者侵入网络的典型手段是通过攻击链，其中链中的每个攻击都为后续攻击奠定了基础。这样的一条链被称为攻击路径，所有可能的攻击路径的集合形成了一个攻击图。研究人员提出了多种方法来生成攻击图。在本文中，我们提供了一种新颖的替代方法，通过利用渗透测试人员对主机上可能的最大渗透水平的观点来进行网络漏洞分析。我们的方法有以下好处:它提供了一个更直观的模型，分析师可以在其中工作，它的算法复杂性是网络大小的多项式，因此具有很好地扩展到实际网络的潜力。缺点是我们只跟踪“好的”攻击路径，而不是所有可能的攻击路径。因此，分析人员在修复网络时可能会做出次优选择。由于攻击图随着网络规模呈指数增长，我们认为次优解决方案是不可避免的可扩展性成本，因此具有实用价值。已经实现了一个工作原型工具来演示我们方法的实用性

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

21st Annual Computer Security Applications Conference (ACSAC'05)

自引率

0.00%

发文量