An effective algorithm for building a set of the shortest attacks within the context of one model of attack development in computer networks | Applied Discrete Mathematics. Supplement. 2018. № 11. DOI: 10.17223/2226308X/11/28

An effective algorithm for building a set of the shortest attacks within the context of one model of attack development in computer networks

In the paper, we present an algorithm to extract a set of shortest attacks within the context of one particular model of attack development in a computer network. This model does not make it possible to construct attack graphs with the asymptotically greatest number of vertices. However, the graphs constructed within the model do not contain loops, thus making it possible to correctly define the length of attack. The model represents the development of attacks as a discrete dynamical process. Similar to the most models of attack development, it possesses the monotonicity property. The consequence of this is a simple structure of a State Transition Graph (STG) of Discrete Dynamical System describing a development of attacks in the considered model. We propose an algorithm, which can extract from a particular STG an attack graph and a subgraph representing all the shortest attacks in a considered computer network. The algorithm for extracting the set of the shortest attacks under standard assumptions (when the number of vulnerabilities and atomic attacks are constants that do not depend on a network size) has the complexity of O(n²) where n is the number of hosts in a network.

Download file

Counter downloads: 168

Keywords

discrete dynamical systems, attack graphs, attacks in computer networks, графы атак, дискретные динамические системы, атаки в компьютерных сетях

Authors

Name	Organization	E-mail
Gorbatenko D.E.	Irkutsk State University	gorbadima@yandex.ru
Semenov A. A.	Institute of Dynamics of Systems and Control Theory V.M. Matrosov SB RAS	biclop.rambler@yandex.ru

Всего: 2

References

Девянин П. Н. Модели безопасности компьютерных систем. М.: Academia, 2005.

Горбатенко Д. Е., Кочемазов С. Е., Семёнов А. А. О дискретно-автоматных моделях атак в компьютерных сетях // Прикладная дискретная математика. Приложение. 2016. №9. С.80-83.

Ou X., Govindavajhala S., and Appel A. MulVAL: A logic-based network security analyzer // SSYM'05 Proc. 14th Conf. USENIX Security Symp. 2005. V. 14. P. 113-128.

Danforth M. Models for Threat Assessment in Networks. PhD Thesis, University of California-Davis, 2006.

Ingols K., Lippmann R., and Piwowarski K. Practical attack graph generation for network defense // ACSAC'06: Proc. 22nd Ann. Computer Security Appl. Conf. 2006. P. 121-130.

Ou X., Wayne B., and Miles M. A scalable approach to attack graph generation // Proc. 13th ACM Conf. Computer and Communications Security. 2006. P. 336-345.

Sheyner O., Haines J.W., Jha S., et al. Automated generation and analysis of attack Graphs // Proc. 2002 IEEE Symp. Security and Privacy. 2002. P. 273-284.

Amman P., Wijesekera D., and KaushikS. Scalable, graph-based network vulnerability analysis // Proc. CCS 2002: 9th ACM Conf. Computer and Communications Security. 2002. P. 217-224.