• Journal of the China Computer Federation
  • Chinese Science and Technology Core Journal
  • Chinese Core Journal

J4, 2011, Vol. 33, Issue (7): 18-24.

• Paper •

A Backward Search Approach to Attack Graph Generation Based on Attack Patterns

ZHAO Bao (1), ZHANG Yi (2), MENG Yuan (1)

  • (1. Corps 95972, Jiuquan 735018; 2. School of Computer Science, National University of Defense Technology, Changsha 410073, China)
  • Received: 2009-05-22 Revised: 2009-09-14 Online: 2011-07-21 Published: 2011-07-25

Abstract:

Automated attack graph generation runs into efficiency problems when attack graphs are used to analyse the vulnerabilities of large networks. This paper proposes an efficient backward approach to attack graph generation based on attack patterns. First, we propose a novel network model built on the key attributes of networks, which improves on previous models; it optimizes the network connections and reduces the size of the network. Second, after abstracting a large number of vulnerabilities, we summarize them into a few attack patterns, on which we build an efficient approach to attribute attack graph generation. Third, the backward approach we propose solves the problem of loop attack paths. Finally, the experimental results show that our backward approach generates partial attack graphs, which illustrate the potential interrelations among only those known vulnerabilities related to the given attack goal in the targeted network, whereas other forward approaches generate full attack graphs. The experiments also show that our attribute attack graph generation algorithm is very efficient: its complexity is between O(|H|²) and O(|H|³).

Key words: vulnerability; attribute attack graph; attack pattern