A graph-based network-vulnerability analysis system [electronic resource].
- Washington, D.C. : United States. Dept. of Energy, 1998. and Oak Ridge, Tenn. : Distributed by the Office of Scientific and Technical Information, U.S. Dept. of Energy.
- Physical Description:
- 22 pages : digital, PDF file
- Additional Creators:
- Sandia National Laboratories, United States. Department of Energy, and United States. Department of Energy. Office of Scientific and Technical Information
- Restrictions on Access:
- Free-to-read Unrestricted online access
- This paper presents a graph-based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences following a successful attack. The analysis system requires as input a database of common attacks, broken into atomic steps, specific network configuration and topology information, and an attacker profile. The attack information is matched with the network configuration information and an attacker profile to create a superset attack graph. Nodes identify a stage of attack, for example the class of machines the attacker has accessed and the user privilege level he or she has compromised. The arcs in the attack graph represent attacks or stages of attacks. By assigning probabilities of success on the arcs or costs representing level of effort for the attacker, various graph algorithms such as shortest path algorithms can identify the attack paths with the highest probability of success.
- Published through SciTech Connect. 05/03/1998. "sand--97-3010c", "conf-980534--", "DE98001486", "YN0100000". 1998 IEEE Symposium on Security and Privacy, Oakland, CA (United States), 3-6 May 1998. Phillips, C.; Gaylor, T.; Swiler, L.P.