Topological Vulnerability Analysis

Part of the Advances in Information Security book series (ADIS, volume 46)


Traditionally, network administrators rely on labor-intensive processes for tracking network configurations and vulnerabilities. This requires a great deal of expertise, and is error prone because of the complexity of networks and associated security data. The interdependencies of network vulnerabilities make traditional point-wise vulnerability analysis inadequate. We describe a Topological Vulnerability Analysis (TVA) approach that analyzes vulnerability dependencies and shows all possible attack paths into a network. From models of the network vulnerabilities and potential attacker exploits, we compute attack graphs that convey the impact of individual and combined vulnerabilities on overall security. TVA finds potential paths of vulnerability through a network, showing exactly how attackers may penetrate a network. From this, we identify key vulnerabilities and provide strategies for protection of critical network assets.


Intrusion Detection Situational Awareness Attack Scenario Internal Server Network Attack 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.



This material is based upon work supported by Homeland Security Advanced Research Projects Agency under the contract FA8750-05-C-0212 administered by the Air Force Research Laboratory/Rome; by Air Force Research Laboratory/Rome under the contract FA8750-06-C-0246; by Federal Aviation Administration under the contract DTFAWA-08-F-GMU18; by Air Force Office of Scientific Research under grant FA9550-07-1-0527 and FA9550-08-1-0157; and by the National Science Foundation under grants CT-0716567, CT-0716323, and CT-0627493. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the sponsoring organizations.


  1. [1]
    S. Jajodia, S. Noel, and B. O’Berry, “Topological Analysis of Network Attack Vulnerability,” in Managing Cyber Threats: Issues, Approaches and Challenges, V. Kumar, J. Srivastava, A. Lazarevic (eds.), Kluwer Academic Publisher, 2005, pages 248-266.Google Scholar
  2. [2]
    S. Jajodia, S. Noel, “Topological Vulnerability Analysis: A Powerful New Approach for Network Attack Prevention, Detection, and Response,” in Algorithms, Architectures and Information Systems Security (Indian Statistical Institute Platinum Jubilee Series), B. B. Bhattacharya, S. Sur-Kolay, S. C. Nandy, A. Bagchi, eds., World Scientific, New Jersey, 2009, pages 285–305.Google Scholar
  3. [3]
    S. Noel, M. Jacobs, P. Kalapa. S. Jajodia, “Multiple Coordinated Views for Network Attack Graphs,” in IEEE Workshop on Visualization for Computer Security (VizSEC2005), Minneapolis, MN, October, 2005, pages 99–106.Google Scholar
  4. [4]
    L. Wang, S. Noel, S. Jajodia, “Minimum-Cost Network Hardening Using Attack Graphs,” Computer Communications, 29(18), 2006, pages 3812–3824.CrossRefGoogle Scholar
  5. [5]
    S. Noel, S. Jajodia, “Optimal IDS Sensor Placement and Alert Prioritization Using Attack Graphs,” Journal of Network and Systems Management, 16(3), 2008, pages 259–275.CrossRefGoogle Scholar
  6. [6]
    S. Noel, E. Robertson, S. Jajodia, “Correlating Intrusion Events and Building Attack Scenarios through Attack Graph Distances,” in Proceedings of the 20th Annual Computer Security Applications Conference (ACSAC), 2004, pages 350–359.Google Scholar
  7. [7]
    R. Deraison, Nessus,
  8. [8]
    eEye Digital Security, Retina Network Security Scanner,
  9. [9]
    Foundstone, FoundScan Frequently Asked Questions,
  10. [10]
    Secure Computing, Sidewinder Firewall Device,
  11. [11]
    Centennial Software, Discovery Asset Management,
  12. [12]
    Symantec, Altiris,
  13. [13]
    NIST, National Vulnerability Database (NVD),
  14. [14]
    Security Focus, Bugtraq Vulnerabilities,
  15. [15]
    Symantec Corporation, Symantec DeepSight Threat Management System,
  16. [16]
    Open Source Vulnerability Database,
  17. [17]
    MITRE Corporation, CVE - Common Vulnerabilities and Exposures,
  18. [18]
    R. Ritchey, B. O’Berry, S. Noel, “Representing TCP/IP Connectivity for Topological Analysis of Network Security,” in Proceedings of the 18th Annual Computer Security Applications Conference (ACSAC), 2002, pages 156–165.Google Scholar
  19. [19]
    D. Turner, M. Fossi, E. Johnson, T. Mack, J. Blackbird, S. Entwisle, M. K. Low, D. McKinney, C. Wueest, Symantec Global Internet Security Threat Report Trends, 2008.Google Scholar
  20. [20]
    NIST, Security Content Automation Protocol (SCAP),
  21. [21]
    MITRE, Common Platform Enumeration (CPE),
  22. [22]
    MITRE, Oval Language,
  23. [23]
    P. Ammann, D. Wijesekera, S. Kaushik, “Scalable, Graph-Based Network Vulnerability Analysis,” in Proceedings of the 9th ACM Conference on Computer and Communications Security, Washington, DC, pages 217–224.Google Scholar
  24. [24]
    S. Noel, J. Jajodia, “Understanding Complex Network Attack Graphs through Clustered Adjacency Matrices,” in Proceedings of the 21st Annual Computer Security Applications Conference (ACSAC), 2005, pages 160–169.Google Scholar
  25. [25]
    D. Zerkle, K. Levitt, “Netkuang: A Multi-Host Configuration Vulnerability Checker,” in Proceedings of the 6th USENIX Unix Security Symposium, 1996.Google Scholar
  26. [26]
    R. Ritchey, P. Ammann, “Using Model Checking to Analyze Network Vulnerabilities,” in Proceedings of the IEEE Symposium on Security and Privacy, 2000.Google Scholar
  27. [27]
    L. Swiler, C. Phillips, D. Ellis, S. Chakerian, “Computer-Attack Graph Generation Tool,” in Proceedings of the DARPA Information Survivability Conference & Exposition II, 2001.Google Scholar
  28. [28]
    O. Sheyner, J. Haines, S. Jha, R. Lippmann, J. Wing, “Automated Generation and Analysis of Attack Graphs,” in Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA.Google Scholar
  29. [29]
    R. Lippmann, K. Ingols, C. Scott, K. Piwowarski, K. Kratkiewicz, M. Artz, R. Cunningham, “Validating and Restoring Defense in Depth Using Attack Graphs,” in Proceedings of the MILCOM Military Communications Conference, 2006.Google Scholar
  30. [30]
    S. Noel, S. Jajodia, “Managing Attack Graph Complexity through Visual Hierarchical Aggregation,” in Proceedings of the ACM CCS Workshop on Visualization and Data Mining for Computer Security Fairfax, Virginia.Google Scholar
  31. [31]
    W. Li, An Approach to Graph-Based Modeling of Network Exploitations, PhD dissertation, Department of Computer Science, Mississippi State University, 2005.Google Scholar
  32. [32]
    F. Cuppens, R. Ortalo, “LAMBDA: A Language to Model a Database for Detection of Attacks,” in 3rd International Workshop on Recent Advances in Intrusion Detection, 2000.Google Scholar
  33. [33]
    S. Templeton, K. Levitt, “A Requires/Provides Model for Computer Attacks,” in New Security Paradigms Workshop, 2000.Google Scholar
  34. [34]
  35. [35]
    RedSeal Systems,
  36. [36]
    R. Lippmann, K. Ingols, An Annotated Review of Past Papers on Attack Graphs, Lincoln Laboratory, Technical Report ESC-TR-2005-054, 2005.Google Scholar

Copyright information

© Springer-Verlag US 2010

Authors and Affiliations

  1. 1.Center for Secure Information SystemsGeorge Mason UniversityFairfaxUSA

Personalised recommendations