
Ranking Attack Graphs

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2006)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4219)

Abstract

A majority of attacks on computer systems result from a combination of vulnerabilities exploited by an intruder to break into the system. An Attack Graph is a general formalism used to model the security vulnerabilities of a system and all possible sequences of exploits which an intruder can use to achieve a specific goal. Attack Graphs can be constructed automatically using off-the-shelf model-checking tools. However, for real systems, the size and complexity of Attack Graphs greatly exceed human ability to visualize, understand and analyze them. Therefore, it is useful to identify the relevant portions of an Attack Graph. To achieve this, we propose a ranking scheme for the states of an Attack Graph. The rank of a state shows its importance based on factors like the probability of an intruder reaching that state. Given a Ranked Attack Graph, the system administrator can concentrate on relevant subgraphs to figure out how to start deploying security measures. We also define a metric of security of the system based on ranks, which the system administrator can use to compare Attack Graphs and determine the effectiveness of various defense measures. We present two algorithms to rank states of an Attack Graph based on the probability of an attacker reaching those states. The first algorithm is similar to the PageRank algorithm used by Google to measure the importance of web pages on the World Wide Web. It is flexible enough to model a variety of situations, efficiently computable for large graphs, and offers the possibility of approximations using graph partitioning. The second algorithm ranks individual states based on the reachability probability of an attacker in a random simulation. Finally, we give examples of an application of ranking techniques to multi-stage cyber attacks.
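A sketch of the first idea, PageRank-style ranking of attack graph states, added here as an illustration and not taken from the paper. The sample graph, the state names, the 0.85 damping value, the uniform choice among outgoing exploits, the restart-at-initial-state rule and the `goal_exposure` measure are all assumptions.

```python
# Added illustration: PageRank-style ranking of attack graph states.
# Graph, damping value and restart rule are assumptions, not the paper's.

def rank_states(graph, initial, damping=0.85, tol=1e-12, max_iter=10_000):
    """Power iteration; graph maps each state to its list of successor states."""
    states = sorted(set(graph) | {t for succ in graph.values() for t in succ})
    rank = {s: 1.0 / len(states) for s in states}
    for _ in range(max_iter):
        new = dict.fromkeys(states, 0.0)
        for s in states:
            succ = graph.get(s, [])
            if succ:
                # With probability `damping` the intruder takes one of the
                # available exploits (uniformly); otherwise the walk restarts.
                for t in succ:
                    new[t] += damping * rank[s] / len(succ)
                new[initial] += (1 - damping) * rank[s]
            else:
                # No outgoing transition: all mass returns to the initial state.
                new[initial] += rank[s]
        delta = sum(abs(new[s] - rank[s]) for s in states)
        rank = new
        if delta < tol:
            break
    return rank

def goal_exposure(graph, initial, goals, **kwargs):
    """Total rank on goal states; used here to compare two attack graphs."""
    rank = rank_states(graph, initial, **kwargs)
    return sum(rank[g] for g in goals)

# Constructed sample graph: states are intruder privilege levels on hosts.
ATTACK_GRAPH = {
    "start": ["web_user", "vpn_user"],
    "web_user": ["web_root", "db_user"],
    "vpn_user": ["db_user"],
    "web_root": ["db_root"],
    "db_user": ["db_root"],
    "db_root": [],
}
# Same graph after a defense measure removes the vpn_user -> db_user transition.
HARDENED = {**ATTACK_GRAPH, "vpn_user": []}

if __name__ == "__main__":
    ranks = rank_states(ATTACK_GRAPH, "start")
    for state, r in sorted(ranks.items(), key=lambda kv: -kv[1]):
        print(f"{state:10s} {r:.4f}")
    print("exposure before:", round(goal_exposure(ATTACK_GRAPH, "start", ["db_root"]), 4))
    print("exposure after: ", round(goal_exposure(HARDENED, "start", ["db_root"]), 4))
```

Comparing the goal-state rank before and after removing a transition is one way to read the abstract's point about judging defense measures by rank.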

This research was sponsored by the Office of Naval Research under grant no. N00014-01-1-0796, the Army Research Office under grant no. DAAD19-01-1-0485, and the National Science Foundation under grant nos. CNS-0411152, CCF-0429120, and 0433540. The views and conclusions contained in this document are those of the author and should not be interpreted as representing the official policies, either expressed or implied, of any sponsoring institution, the U.S. government or any other entity.



Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mehta, V., Bartzis, C., Zhu, H., Clarke, E., Wing, J. (2006). Ranking Attack Graphs. In: Zamboni, D., Kruegel, C. (eds) Recent Advances in Intrusion Detection. RAID 2006. Lecture Notes in Computer Science, vol 4219. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11856214_7


  • DOI: https://doi.org/10.1007/11856214_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-39723-6

  • Online ISBN: 978-3-540-39725-0

  • eBook Packages: Computer Science (R0)
