An Approach to Model Network Exploitations Using Exploitation Graphs

Author(s)

Wei Li, Nova Southeastern UniversityFollow
Rayford B. Vaughn
Yoginder S. Dandass

Document Type

Article

Publication Title

Simulation

ISSN

0037-5497

Publication Date

2006

Abstract

In this article, a modeling process is defined to address challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are considered to create exploitation graphs (egraphs) that are used to represent attack scenarios. Experiments carried out in a cluster computing environment showed the usefulness of proposed techniques in providing in-depth attack scenario analyses for security engineering. Critical vulnerabilities can be identified by employing graph algorithms. Several factors were used to measure the difficulty in executing an attack. A cost/benefit analysis was used for more accurate quantitative analysis of attack scenarios.The authors also show how the attack scenario analyses better help deployment of security products and design of network topologies.

DOI

10.1177/0037549706072046

Volume

82

Issue

8

First Page

523

Last Page

541

NSUWorks Citation

Li, Wei; Vaughn, Rayford B.; and Dandass, Yoginder S., "An Approach to Model Network Exploitations Using Exploitation Graphs" (2006). CCE Faculty Articles. 362.
https://nsuworks.nova.edu/gscis_facarticles/362