A Scalable Attack Graph Generation for Network Security Management
Abstract
As the dependencies on network system is increasing, such systems are vulnerable and are exposed to different attacks due to some software misconfigurations, software flaws and operating system service malfunctions. Network managers often rely on Attack Graphs to visually perform security risk assessment on the network systems. The Attack Graphs are very cumbersome to visually understand as they grow exponentially when the size of the network increases or the number of hosts‟ vulnerabilities increases in a network. This paper addresses the scalability issues of Attack Graph generation by leveraging on graph theory background. MulVAL and Nessus scanners tools were employed for the generation of Attack Graphs and network information mapping respectively. A computational algorithm that is capable of handling cycles was formulated. A valid path detection algorithm was also formulated to determine the most critical and valid paths needed within an Attack Graph for the purpose network security risk assessment. The results showed that the proposed model alleviates redundancy in Attack Graphs. This will assist the security administrator in making reasonable decision on the security risk management of the network systems.
Full Text: PDF DOI: 10.15640/jcsit.v6n2a4
Abstract
As the dependencies on network system is increasing, such systems are vulnerable and are exposed to different attacks due to some software misconfigurations, software flaws and operating system service malfunctions. Network managers often rely on Attack Graphs to visually perform security risk assessment on the network systems. The Attack Graphs are very cumbersome to visually understand as they grow exponentially when the size of the network increases or the number of hosts‟ vulnerabilities increases in a network. This paper addresses the scalability issues of Attack Graph generation by leveraging on graph theory background. MulVAL and Nessus scanners tools were employed for the generation of Attack Graphs and network information mapping respectively. A computational algorithm that is capable of handling cycles was formulated. A valid path detection algorithm was also formulated to determine the most critical and valid paths needed within an Attack Graph for the purpose network security risk assessment. The results showed that the proposed model alleviates redundancy in Attack Graphs. This will assist the security administrator in making reasonable decision on the security risk management of the network systems.
Full Text: PDF DOI: 10.15640/jcsit.v6n2a4
Browse Journals
Journal Policies
Information
Useful Links
- Call for Papers
- Submit Your Paper
- Publish in Your Native Language
- Subscribe the Journal
- Frequently Asked Questions
- Contact the Executive Editor
- Recommend this Journal to Librarian
- View the Current Issue
- View the Previous Issues
- Recommend this Journal to Friends
- Recommend a Special Issue
- Comment on the Journal
- Publish the Conference Proceedings
Latest Activities
Resources
Visiting Status
 Today |
100 |
| Yesterday |
64 |
| This Month |
3352 |
| Last Month |
5405 |
 All Days |
1450294 |
 Online |
4 |
