Building Compact Exploitation Graphs for a Cluster Computing Environment

Wei Li; Rayford Vaughn

doi:10.1109/IAW.2005.1495933

Building Compact Exploitation Graphs for a Cluster Computing Environment

Wei Li
, Rayford Vaughn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this paper, a modeling process is described to address challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are combined to create exploitation graphs (e-graphs), which are used to represent attack scenarios. The modeling process consists of three primary steps. The first step is the creation of a knowledge base of known system vulnerabilities. These vulnerabilities are represented using pre-conditions and post-conditions. A template is used to represent pre-conditions and post-conditions, and vulnerabilities are encoded using a pre-defined set of attributes. The second step involves the association of multiple vulnerabilities to create an e-graph specific to the system being modeled. The third step of this process involves the development of abstraction techniques that can be used to simplify exploitation graphs. A novel abstraction technique is proposed based on host connection similarity and exploitation similarity. These techniques have been applied into a high-performance cluster computing environment to show that they facilitate a compact representation of attack scenarios and provide in-depth vulnerability assessments.

Original language	American English
Title of host publication	Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005
Pages	50-57
Number of pages	8
DOIs	https://doi.org/10.1109/IAW.2005.1495933
State	Published - 2005
Externally published	Yes
Event	6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005 - West Point, NY, United States Duration: Jun 15 2005 → Jun 17 2005

Publication series

Name	Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005
Volume	2005

Conference

Conference	6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005
Country/Territory	United States
City	West Point, NY
Period	6/15/05 → 6/17/05

ASJC Scopus Subject Areas

General Engineering

Keywords

Abstraction
Attack modeling
Cluster computing
Exploitation graph (e-graph)
Network security

Access to Document

10.1109/IAW.2005.1495933

Cite this

Li, W., & Vaughn, R. (2005). Building Compact Exploitation Graphs for a Cluster Computing Environment. In Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005 (pp. 50-57). Article 1495933 (Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005; Vol. 2005). https://doi.org/10.1109/IAW.2005.1495933

Building Compact Exploitation Graphs for a Cluster Computing Environment. / Li, Wei; Vaughn, Rayford.
Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005. 2005. p. 50-57 1495933 (Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005; Vol. 2005).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Li, W & Vaughn, R 2005, Building Compact Exploitation Graphs for a Cluster Computing Environment. in Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005., 1495933, Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005, vol. 2005, pp. 50-57, 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005, West Point, NY, United States, 6/15/05. https://doi.org/10.1109/IAW.2005.1495933

@inproceedings{0cff47e78978492290c9ded4be086b21,

title = "Building Compact Exploitation Graphs for a Cluster Computing Environment",

abstract = "In this paper, a modeling process is described to address challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are combined to create exploitation graphs (e-graphs), which are used to represent attack scenarios. The modeling process consists of three primary steps. The first step is the creation of a knowledge base of known system vulnerabilities. These vulnerabilities are represented using pre-conditions and post-conditions. A template is used to represent pre-conditions and post-conditions, and vulnerabilities are encoded using a pre-defined set of attributes. The second step involves the association of multiple vulnerabilities to create an e-graph specific to the system being modeled. The third step of this process involves the development of abstraction techniques that can be used to simplify exploitation graphs. A novel abstraction technique is proposed based on host connection similarity and exploitation similarity. These techniques have been applied into a high-performance cluster computing environment to show that they facilitate a compact representation of attack scenarios and provide in-depth vulnerability assessments.",

keywords = "Abstraction, Attack modeling, Cluster computing, Exploitation graph (e-graph), Network security",

author = "Wei Li and Rayford Vaughn",

year = "2005",

doi = "10.1109/IAW.2005.1495933",

language = "American English",

isbn = "0780392906",

series = "Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005",

pages = "50--57",

booktitle = "Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005",

note = "6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005 ; Conference date: 15-06-2005 Through 17-06-2005",

}

TY - GEN

T1 - Building Compact Exploitation Graphs for a Cluster Computing Environment

AU - Li, Wei

AU - Vaughn, Rayford

PY - 2005

Y1 - 2005

N2 - In this paper, a modeling process is described to address challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are combined to create exploitation graphs (e-graphs), which are used to represent attack scenarios. The modeling process consists of three primary steps. The first step is the creation of a knowledge base of known system vulnerabilities. These vulnerabilities are represented using pre-conditions and post-conditions. A template is used to represent pre-conditions and post-conditions, and vulnerabilities are encoded using a pre-defined set of attributes. The second step involves the association of multiple vulnerabilities to create an e-graph specific to the system being modeled. The third step of this process involves the development of abstraction techniques that can be used to simplify exploitation graphs. A novel abstraction technique is proposed based on host connection similarity and exploitation similarity. These techniques have been applied into a high-performance cluster computing environment to show that they facilitate a compact representation of attack scenarios and provide in-depth vulnerability assessments.

AB - In this paper, a modeling process is described to address challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are combined to create exploitation graphs (e-graphs), which are used to represent attack scenarios. The modeling process consists of three primary steps. The first step is the creation of a knowledge base of known system vulnerabilities. These vulnerabilities are represented using pre-conditions and post-conditions. A template is used to represent pre-conditions and post-conditions, and vulnerabilities are encoded using a pre-defined set of attributes. The second step involves the association of multiple vulnerabilities to create an e-graph specific to the system being modeled. The third step of this process involves the development of abstraction techniques that can be used to simplify exploitation graphs. A novel abstraction technique is proposed based on host connection similarity and exploitation similarity. These techniques have been applied into a high-performance cluster computing environment to show that they facilitate a compact representation of attack scenarios and provide in-depth vulnerability assessments.

KW - Abstraction

KW - Attack modeling

KW - Cluster computing

KW - Exploitation graph (e-graph)

KW - Network security

UR - https://www.scopus.com/pages/publications/33745463192

UR - https://www.scopus.com/pages/publications/33745463192#tab=citedBy

U2 - 10.1109/IAW.2005.1495933

DO - 10.1109/IAW.2005.1495933

M3 - Conference contribution

AN - SCOPUS:33745463192

SN - 0780392906

SN - 9780780392908

T3 - Proceedings from the 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005

SP - 50

EP - 57

BT - Proceedings from the Sixth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005

T2 - 6th Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC 2005

Y2 - 15 June 2005 through 17 June 2005

ER -

Building Compact Exploitation Graphs for a Cluster Computing Environment

Abstract

Publication series

Conference

ASJC Scopus Subject Areas

Keywords

Access to Document

Other files and links

Fingerprint

Cite this