GARNET: A Graphical Attack Graph and Reachability Network Evaluation Tool

  • Leevar Williams
  • Richard Lippmann
  • Kyle Ingols
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5210)


Attack graphs enable computation of important network security metrics by revealing potential attack paths an adversary could use to gain control of network assets. This paper presents GARNET (Graphical Attack graph and Reachability Network Evaluation Tool), an interactive visualization tool that facilitates attack graph analysis. It provides a simplified view of critical steps that can be taken by an attacker and of host-to-host network reachability that enables these exploits. It allows users to perform “what-if” experiments including adding new zero-day attacks, following recommendations to patch software vulnerabilities, and changing the attacker starting location to analyze external and internal attackers. Users can also compute and view metrics of assets captured versus attacker effort to compare the security of complex networks. For adversaries with three skill levels, it is possible to create graphs of assets captured versus attacker steps and the number of unique exploits required. GARNET is implemented as a Java application and is built on top of an existing C++ engine that performs reachability and attack graph computations. An initial round of user evaluations described in this paper led to many changes that significantly enhance usability.


Keywords: attack graph visualization treemap security metrics adversary model network vulnerability exploit attack path recommendation





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Leevar Williams (1)
  • Richard Lippmann (1)
  • Kyle Ingols (1)
  1. MIT Lincoln Laboratory, Lexington
