Abstract:

Automated generation of attack graphs always encounters efficiency problem when using attack graphs to analyse the vulnerabilities of large networks. This paper proposes a backward approach to attack graphs generation based on attack patterns with great efficiency. Firstly, we propose a novel model of network based on the key attributes of networks, which is improved upon the  previous models. This model optimizes the network connections and downsizes the network. Secondly, after abstracting a large number of vulnerabilities, we sum up a few attack patterns, based on which we build an efficiency approach to attribute attack graphs generation. Thirdly, the backward approach we propose solves the problem of loop attack paths. Finally, the experimental result shows that, our backward approach generates partial attack graphs which illustrate the potential interrelations among the known vulnerabilities just related to the given attack goal in the targeted network, while other forward approaches generate full attack graphs. And we show the experimental evidence that our attribute attack graph generation algorithm is very efficient, the complexity of the algorithm is between O(|H|2) and O(|H|3).

Key words: vulnerability;attribute attack graph;attack pattern