STUDY SPACE
A Graph-Based System for Network-Vulnerability Analysis

A Graph-Based System for Network-Vulnerability Analysis

1999 | Cynthia Phillips, Laura Painton Swiler
This paper introduces a graph-based approach to network vulnerability analysis, designed to assess both external and internal threats. The method uses a superset attack graph that integrates attack templates, network configuration details, and attacker profiles to identify high-probability attack paths. The system can evaluate the effectiveness of configuration changes and intrusion detection systems by simulating various attack scenarios. Key features include the ability to model dynamic network aspects, multiple attacker capabilities, and time dependencies. The attack graph is generated by matching attack templates with network configurations and attacker profiles, and edge weights represent success probabilities or costs. The paper discusses the inputs required (configuration files, attacker profiles, and attack templates), the generation of the attack graph, and various analysis methods such as finding low-cost attack paths and cost-effective defenses. Implementation issues and potential limitations are also addressed, highlighting the system's potential for enhancing network security.This paper introduces a graph-based approach to network vulnerability analysis, designed to assess both external and internal threats. The method uses a superset attack graph that integrates attack templates, network configuration details, and attacker profiles to identify high-probability attack paths. The system can evaluate the effectiveness of configuration changes and intrusion detection systems by simulating various attack scenarios. Key features include the ability to model dynamic network aspects, multiple attacker capabilities, and time dependencies. The attack graph is generated by matching attack templates with network configurations and attacker profiles, and edge weights represent success probabilities or costs. The paper discusses the inputs required (configuration files, attacker profiles, and attack templates), the generation of the attack graph, and various analysis methods such as finding low-cost attack paths and cost-effective defenses. Implementation issues and potential limitations are also addressed, highlighting the system's potential for enhancing network security.
Terms of Service
Privacy Policy
Reach us at info@study.space