An Approach to Model Network Exploitations Using Exploitation Graphs

Wei Li; Rayford B. Vaughn; Yoginder S. Dandass

doi:10.1177/0037549706072046

An Approach to Model Network Exploitations Using Exploitation Graphs

Wei Li
, Rayford B. Vaughn
, Yoginder S. Dandass

Research output: Contribution to journal › Article › peer-review

24 Scopus citations

Abstract

In this article, a modeling process is defined to address challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are considered to create exploitation graphs (egraphs) that are used to represent attack scenarios. Experiments carried out in a cluster computing environment showed the usefulness of proposed techniques in providing in-depth attack scenario analyses for security engineering. Critical vulnerabilities can be identified by employing graph algorithms. Several factors were used to measure the difficulty in executing an attack. A cost/benefit analysis was used for more accurate quantitative analysis of attack scenarios.The authors also show how the attack scenario analyses better help deployment of security products and design of network topologies.

Original language	American English
Pages (from-to)	523-541
Number of pages	19
Journal	Simulation
Volume	82
Issue number	8
DOIs	https://doi.org/10.1177/0037549706072046
State	Published - Aug 2006

ASJC Scopus Subject Areas

Software
Modeling and Simulation
Computer Graphics and Computer-Aided Design

Keywords

Exploitation graph (e-graph)
computer security
graph-based modeling
vulnerability graph

Disciplines

Computer Sciences

Access to Document

10.1177/0037549706072046

Cite this

@article{48dd2a6e1be2473ebcb63424c5503ce5,

title = "An Approach to Model Network Exploitations Using Exploitation Graphs",

abstract = " In this article, a modeling process is defined to address challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are considered to create exploitation graphs (egraphs) that are used to represent attack scenarios. Experiments carried out in a cluster computing environment showed the usefulness of proposed techniques in providing in-depth attack scenario analyses for security engineering. Critical vulnerabilities can be identified by employing graph algorithms. Several factors were used to measure the difficulty in executing an attack. A cost/benefit analysis was used for more accurate quantitative analysis of attack scenarios.The authors also show how the attack scenario analyses better help deployment of security products and design of network topologies.",

keywords = "Exploitation graph (e-graph), computer security, graph-based modeling, vulnerability graph",

author = "Wei Li and Vaughn, \{Rayford B.\} and Dandass, \{Yoginder S.\}",

year = "2006",

month = aug,

doi = "10.1177/0037549706072046",

language = "American English",

volume = "82",

pages = "523--541",

journal = "Simulation",

issn = "0037-5497",

publisher = "SAGE Publications Ltd",

number = "8",

}

TY - JOUR

T1 - An Approach to Model Network Exploitations Using Exploitation Graphs

AU - Li, Wei

AU - Vaughn, Rayford B.

AU - Dandass, Yoginder S.

PY - 2006/8

Y1 - 2006/8

N2 - In this article, a modeling process is defined to address challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are considered to create exploitation graphs (egraphs) that are used to represent attack scenarios. Experiments carried out in a cluster computing environment showed the usefulness of proposed techniques in providing in-depth attack scenario analyses for security engineering. Critical vulnerabilities can be identified by employing graph algorithms. Several factors were used to measure the difficulty in executing an attack. A cost/benefit analysis was used for more accurate quantitative analysis of attack scenarios.The authors also show how the attack scenario analyses better help deployment of security products and design of network topologies.

AB - In this article, a modeling process is defined to address challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are considered to create exploitation graphs (egraphs) that are used to represent attack scenarios. Experiments carried out in a cluster computing environment showed the usefulness of proposed techniques in providing in-depth attack scenario analyses for security engineering. Critical vulnerabilities can be identified by employing graph algorithms. Several factors were used to measure the difficulty in executing an attack. A cost/benefit analysis was used for more accurate quantitative analysis of attack scenarios.The authors also show how the attack scenario analyses better help deployment of security products and design of network topologies.

KW - Exploitation graph (e-graph)

KW - computer security

KW - graph-based modeling

KW - vulnerability graph

UR - https://nsuworks.nova.edu/gscis_facarticles/362

U2 - 10.1177/0037549706072046

DO - 10.1177/0037549706072046

M3 - Article

SN - 0037-5497

VL - 82

SP - 523

EP - 541

JO - Simulation

JF - Simulation

IS - 8

ER -

An Approach to Model Network Exploitations Using Exploitation Graphs

Abstract

ASJC Scopus Subject Areas

Keywords

Disciplines

Access to Document

Other files and links

Fingerprint

Cite this