Using Exploit Similarities for Concise Representation of Attack Scenarios

Wei Li

Using Exploit Similarities for Concise Representation of Attack Scenarios

Wei Li

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Attack graphs have been used to simulate attack scenarios to provide solutions for vulnerability analysis. However the scalability issue of attack graphs is still a big challenge. In this paper we present a detailed analysis on the scalability issue for attack graph. We also propose an approach to simplify attack graphs based on the similarity features of hosts and exploits in networked environments. In this modeling process we focus on the outcomes of exploits and eliminate details of specific exploits. A case study is used to show the effectiveness of the approach. This approach can be highly-efficient for networks in which multiple similar hosts are deployed or similar vulnerabilities are discovered.

Original language	American English
Title of host publication	21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008
Pages	162-167
Number of pages	6
State	Published - 2008
Event	21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008 - Honolulu, HI, United States Duration: Nov 12 2008 → Nov 14 2008

Publication series

Name	21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008

Conference

Conference	21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008
Country/Territory	United States
City	Honolulu, HI
Period	11/12/08 → 11/14/08

ASJC Scopus Subject Areas

Computer Science Applications
Industrial and Manufacturing Engineering

Keywords

Attack graph
Network security
Vulnerability analysis

Cite this

Using Exploit Similarities for Concise Representation of Attack Scenarios. / Li, Wei.
21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008. 2008. p. 162-167 (21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Li, W 2008, Using Exploit Similarities for Concise Representation of Attack Scenarios. in 21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008. 21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008, pp. 162-167, 21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008, Honolulu, HI, United States, 11/12/08.

@inproceedings{1e1f888a5dd34eb49f4576826f3023fb,

title = "Using Exploit Similarities for Concise Representation of Attack Scenarios",

abstract = "Attack graphs have been used to simulate attack scenarios to provide solutions for vulnerability analysis. However the scalability issue of attack graphs is still a big challenge. In this paper we present a detailed analysis on the scalability issue for attack graph. We also propose an approach to simplify attack graphs based on the similarity features of hosts and exploits in networked environments. In this modeling process we focus on the outcomes of exploits and eliminate details of specific exploits. A case study is used to show the effectiveness of the approach. This approach can be highly-efficient for networks in which multiple similar hosts are deployed or similar vulnerabilities are discovered.",

keywords = "Attack graph, Network security, Vulnerability analysis",

author = "Wei Li",

year = "2008",

language = "American English",

isbn = "9781605606170",

series = "21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008",

pages = "162--167",

booktitle = "21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008",

note = "21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008 ; Conference date: 12-11-2008 Through 14-11-2008",

}

TY - GEN

T1 - Using Exploit Similarities for Concise Representation of Attack Scenarios

AU - Li, Wei

PY - 2008

Y1 - 2008

N2 - Attack graphs have been used to simulate attack scenarios to provide solutions for vulnerability analysis. However the scalability issue of attack graphs is still a big challenge. In this paper we present a detailed analysis on the scalability issue for attack graph. We also propose an approach to simplify attack graphs based on the similarity features of hosts and exploits in networked environments. In this modeling process we focus on the outcomes of exploits and eliminate details of specific exploits. A case study is used to show the effectiveness of the approach. This approach can be highly-efficient for networks in which multiple similar hosts are deployed or similar vulnerabilities are discovered.

AB - Attack graphs have been used to simulate attack scenarios to provide solutions for vulnerability analysis. However the scalability issue of attack graphs is still a big challenge. In this paper we present a detailed analysis on the scalability issue for attack graph. We also propose an approach to simplify attack graphs based on the similarity features of hosts and exploits in networked environments. In this modeling process we focus on the outcomes of exploits and eliminate details of specific exploits. A case study is used to show the effectiveness of the approach. This approach can be highly-efficient for networks in which multiple similar hosts are deployed or similar vulnerabilities are discovered.

KW - Attack graph

KW - Network security

KW - Vulnerability analysis

UR - https://www.scopus.com/pages/publications/84883678248

UR - https://www.scopus.com/pages/publications/84883678248#tab=citedBy

M3 - Conference contribution

AN - SCOPUS:84883678248

SN - 9781605606170

T3 - 21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008

SP - 162

EP - 167

BT - 21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008

T2 - 21st International Conference on Computer Applications in Industry and Engineering, CAINE 2008

Y2 - 12 November 2008 through 14 November 2008

ER -

Using Exploit Similarities for Concise Representation of Attack Scenarios

Abstract

Publication series

Conference

ASJC Scopus Subject Areas

Keywords

Other files and links

Fingerprint

Cite this