Using exploitation graphs to model network exploitations

Wei Li; Rayford Vaughn

Using exploitation graphs to model network exploitations

Wei Li
, Rayford Vaughn

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

In this paper, we define a process to address the challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are considered to create exploitation graphs (e-graphs) which are used to represent attack scenarios. The modeling process consists of two primary steps. The first step is the creation of a knowledge base of vulnerability graphs (v-graphs) from known system vulnerabilities. The second step involves the association of multiple v-graphs to create an e-graph specific to a system being modeled. Experiments showed the usefulness of the proposed approach to model attack scenarios and deduct stages of attacks.

Original language	English
Title of host publication	WMSCI 2005 - The 9th World Multi-Conference on Systemics, Cybernetics and Informatics, Proceedings
Pages	404-409
Number of pages	6
State	Published - 2005
Externally published	Yes
Event	9th World Multi-Conference on Systemics, Cybernetics and Informatics, WMSCI 2005 - Orlando, FL, United States Duration: Jul 10 2005 → Jul 13 2005

Publication series

Name	WMSCI 2005 - The 9th World Multi-Conference on Systemics, Cybernetics and Informatics, Proceedings
Volume	10

Conference

Conference	9th World Multi-Conference on Systemics, Cybernetics and Informatics, WMSCI 2005
Country/Territory	United States
City	Orlando, FL
Period	7/10/05 → 7/13/05

ASJC Scopus Subject Areas

Artificial Intelligence
Computer Networks and Communications
Information Systems

Keywords

Exploitation graph (e-graph)
Graph-based modeling
Network security
Vulnerability graph

Cite this

Using exploitation graphs to model network exploitations. / Li, Wei; Vaughn, Rayford.
WMSCI 2005 - The 9th World Multi-Conference on Systemics, Cybernetics and Informatics, Proceedings. 2005. p. 404-409 (WMSCI 2005 - The 9th World Multi-Conference on Systemics, Cybernetics and Informatics, Proceedings; Vol. 10).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Li, W & Vaughn, R 2005, Using exploitation graphs to model network exploitations. in WMSCI 2005 - The 9th World Multi-Conference on Systemics, Cybernetics and Informatics, Proceedings. WMSCI 2005 - The 9th World Multi-Conference on Systemics, Cybernetics and Informatics, Proceedings, vol. 10, pp. 404-409, 9th World Multi-Conference on Systemics, Cybernetics and Informatics, WMSCI 2005, Orlando, FL, United States, 7/10/05.

@inproceedings{d1d8acfbae864f3e9579001d06f58908,

title = "Using exploitation graphs to model network exploitations",

abstract = "In this paper, we define a process to address the challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are considered to create exploitation graphs (e-graphs) which are used to represent attack scenarios. The modeling process consists of two primary steps. The first step is the creation of a knowledge base of vulnerability graphs (v-graphs) from known system vulnerabilities. The second step involves the association of multiple v-graphs to create an e-graph specific to a system being modeled. Experiments showed the usefulness of the proposed approach to model attack scenarios and deduct stages of attacks.",

keywords = "Exploitation graph (e-graph), Graph-based modeling, Network security, Vulnerability graph",

author = "Wei Li and Rayford Vaughn",

year = "2005",

language = "English",

isbn = "9806560620",

series = "WMSCI 2005 - The 9th World Multi-Conference on Systemics, Cybernetics and Informatics, Proceedings",

pages = "404--409",

booktitle = "WMSCI 2005 - The 9th World Multi-Conference on Systemics, Cybernetics and Informatics, Proceedings",

note = "9th World Multi-Conference on Systemics, Cybernetics and Informatics, WMSCI 2005 ; Conference date: 10-07-2005 Through 13-07-2005",

}

TY - GEN

T1 - Using exploitation graphs to model network exploitations

AU - Li, Wei

AU - Vaughn, Rayford

PY - 2005

Y1 - 2005

N2 - In this paper, we define a process to address the challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are considered to create exploitation graphs (e-graphs) which are used to represent attack scenarios. The modeling process consists of two primary steps. The first step is the creation of a knowledge base of vulnerability graphs (v-graphs) from known system vulnerabilities. The second step involves the association of multiple v-graphs to create an e-graph specific to a system being modeled. Experiments showed the usefulness of the proposed approach to model attack scenarios and deduct stages of attacks.

AB - In this paper, we define a process to address the challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are considered to create exploitation graphs (e-graphs) which are used to represent attack scenarios. The modeling process consists of two primary steps. The first step is the creation of a knowledge base of vulnerability graphs (v-graphs) from known system vulnerabilities. The second step involves the association of multiple v-graphs to create an e-graph specific to a system being modeled. Experiments showed the usefulness of the proposed approach to model attack scenarios and deduct stages of attacks.

KW - Exploitation graph (e-graph)

KW - Graph-based modeling

KW - Network security

KW - Vulnerability graph

UR - https://www.scopus.com/pages/publications/84867393695

UR - https://www.scopus.com/pages/publications/84867393695#tab=citedBy

M3 - Conference contribution

AN - SCOPUS:84867393695

SN - 9806560620

SN - 9789806560628

T3 - WMSCI 2005 - The 9th World Multi-Conference on Systemics, Cybernetics and Informatics, Proceedings

SP - 404

EP - 409

BT - WMSCI 2005 - The 9th World Multi-Conference on Systemics, Cybernetics and Informatics, Proceedings

T2 - 9th World Multi-Conference on Systemics, Cybernetics and Informatics, WMSCI 2005

Y2 - 10 July 2005 through 13 July 2005

ER -

Using exploitation graphs to model network exploitations

Abstract

Publication series

Conference

ASJC Scopus Subject Areas

Keywords

Other files and links

Fingerprint

Cite this