A Graph-Theoretic Visualization Approach to Network Risk Analysis

  • Scott O’Hare
  • Steven Noel
  • Kenneth Prole
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5210)


This paper describes a software system that provides significant new capabilities for visualization and analysis of network attack graphs produced through Topological Vulnerability Analysis (TVA). The TVA approach draws on a database of known exploits and system vulnerabilities to provide a connected graph representing possible cyber-attack paths within a given network.  Our visualization approach builds on the extensive functionality of the yWorks suite of graphing tools, providing customized new capabilities for importing, displaying, and interacting with large scale attack graphs, to facilitate comprehensive network security analysis.  These visualization capabilities include clustering of attack graph elements for reducing visual complexity, a hierarchical dictionary of attack graph elements, high-level overview with detail drilldown, interactive on-graph hardening of attacker exploits, and interactive graph layouts.  This new visualization system is an integrated component of the CAULDRON attack graph tool developed at George Mason University.


network security attack graph exploit analysis vulnerability assessment visualization situational awareness 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Jajodia, S., Noel, S.: Topological Vulnerability Analysis: A Powerful New Approach for Network Attack Prevention, Detection, and Response. Indian Statistical Institute Monograph Series. World Scientific Press, Singapore (2008)Google Scholar
  2. 2.
    yWorks – The Diagramming Company,
  3. 3.
    Noel, S., Jajodia, S.: Managing Attack Graph Complexity through Visual Hierarchical Aggregation. In: Workshop on Visualization and Data Mining for Computer Security (2004)Google Scholar
  4. 4.
    Wang, L., Noel, S., Jajodia, S.: Minimum-Cost Network Hardening Using Attack Graphs. Computer Communications 29(18), 3812–3824 (2006)CrossRefGoogle Scholar
  5. 5.
    Phillips, C., Swiler, L.: A Graph-Based System for Network-Vulnerability Analysis. In: New Security Paradigms Workshop (1998)Google Scholar
  6. 6.
    Ritchey, R., Ammann, P.: Using Model Checking to Analyze Network Vulnerabilities. In: IEEE Symposium on Security and Privacy (2000)Google Scholar
  7. 7.
    Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated Generation and Analysis of Attack Graphs. In: Proceedings of the IEEE Symposium on Security and Privacy (2002)Google Scholar
  8. 8.
    Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, Graph-Based Network Vulnerability Analysis. In: 9th ACM Conference on Computer and Communications Security (2002)Google Scholar
  9. 9.
    Wang, L., Yao, C., Singhal, A., Jajodia, S.: Interactive Analysis of Attack Graphs Using Relational Queries. In: Data and Applications Security XX (2006)Google Scholar
  10. 10.
    Ou, X., Boyer, W., McQueen, M.: A Scalable Approach to Attack Graph Generation. In: 13th ACM Conference on Computer and Communications Security (2006)Google Scholar
  11. 11.
    Williams, L., Lippmann, R., Ingols, K.: An Interactive Attack Graph Cascade and Reachability Display. In: Workshop on Visualization for Computer Security (2007)Google Scholar
  12. 12.
  13. 13.
    RedSeal Systems,

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Scott O’Hare
    • 1
  • Steven Noel
    • 2
  • Kenneth Prole
    • 1
  1. 1.Secure DecisionsDivision of Applied Visions Inc.NYUSA
  2. 2.Center for Secure Information SystemsGeorge Mason University, FairfaxVAUSA

Personalised recommendations