{"title":"面向目标的攻击图建模与分析方法","authors":"Xuejiao Liu, Chengfang Fang, Debao Xiao, Hui Xu","doi":"10.1109/ICISA.2010.5480282","DOIUrl":null,"url":null,"abstract":"As network components are often highly interdependent and interconnected,an adversary outside can take advantage of multiple vulnerabilities in unexpected ways, incrementally penetrate a network and compromise critical systems. Attack graph is commonly used for analyzing network security level for its capability in reflecting all network vulnerabilities and their inter relationships. However, attack graph assumes an over pessimistic situation by giving the attacker unlimited power of exploiting each chain of vulnerabilities in the network, leading the complexity of analyzing to grow exponentially with the size of network. Therefore, the weakest paths suggested by such analysis could be inaccurate for adversary with limited computation power. In this paper, we investigate how attackers are planning to exploit vulnerabilities towards their targets and present the idea of a goal-oriented analysis of attack graph to address this problem. We give algorithms for analyzing network vulnerabilities, predicting attackers's potential target, and giving suggestions on patching the weakest nodes based on attackers' targets.","PeriodicalId":313762,"journal":{"name":"2010 International Conference on Information Science and Applications","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2010-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"A Goal-Oriented Approach for Modeling and Analyzing Attack Graph\",\"authors\":\"Xuejiao Liu, Chengfang Fang, Debao Xiao, Hui Xu\",\"doi\":\"10.1109/ICISA.2010.5480282\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As network components are often highly interdependent and interconnected,an adversary outside can take advantage of multiple vulnerabilities in unexpected ways, incrementally penetrate a network and compromise critical systems. Attack graph is commonly used for analyzing network security level for its capability in reflecting all network vulnerabilities and their inter relationships. However, attack graph assumes an over pessimistic situation by giving the attacker unlimited power of exploiting each chain of vulnerabilities in the network, leading the complexity of analyzing to grow exponentially with the size of network. Therefore, the weakest paths suggested by such analysis could be inaccurate for adversary with limited computation power. In this paper, we investigate how attackers are planning to exploit vulnerabilities towards their targets and present the idea of a goal-oriented analysis of attack graph to address this problem. We give algorithms for analyzing network vulnerabilities, predicting attackers's potential target, and giving suggestions on patching the weakest nodes based on attackers' targets.\",\"PeriodicalId\":313762,\"journal\":{\"name\":\"2010 International Conference on Information Science and Applications\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2010-04-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2010 International Conference on Information Science and Applications\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/ICISA.2010.5480282\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2010 International Conference on Information Science and Applications","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICISA.2010.5480282","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
A Goal-Oriented Approach for Modeling and Analyzing Attack Graph
As network components are often highly interdependent and interconnected,an adversary outside can take advantage of multiple vulnerabilities in unexpected ways, incrementally penetrate a network and compromise critical systems. Attack graph is commonly used for analyzing network security level for its capability in reflecting all network vulnerabilities and their inter relationships. However, attack graph assumes an over pessimistic situation by giving the attacker unlimited power of exploiting each chain of vulnerabilities in the network, leading the complexity of analyzing to grow exponentially with the size of network. Therefore, the weakest paths suggested by such analysis could be inaccurate for adversary with limited computation power. In this paper, we investigate how attackers are planning to exploit vulnerabilities towards their targets and present the idea of a goal-oriented analysis of attack graph to address this problem. We give algorithms for analyzing network vulnerabilities, predicting attackers's potential target, and giving suggestions on patching the weakest nodes based on attackers' targets.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
