Computer Science and Information Systems 2016 Volume 13, Issue 2, Pages: 677-689
https://doi.org/10.2298/CSIS160227022B
Full text ( 168 KB)
Cited by
K maximum probability attack paths dynamic generation algorithm
Bi Kun (Shanghai Maritime University, College of Information Engineering, Shanghai, China)
Han Dezhi (Shanghai Maritime University, College of Information Engineering, Shanghai, China)
Wang Jun (Shanghai Maritime University, College of Information Engineering, Shanghai, China)
An attack graph depicts multiple-step attack and provides a description of
system security vulnerabilities. It illustrates critical information
necessary to identify potential weaknesses and areas for enhanced defense.
Attack graphs include multiple attack paths, which are a focus for further
detailed analysis and risk mitigation. Considering that different
vulnerabilities have different probabilities of being exploited, this paper
proposes an algorithm to dynamically generate the top K attack paths with
maximum probabilities for every node of a system. The proposed algorithm
does not require generation of the full attack graph to calculate the K
attack paths. Instead, it directly processes and analyzes the system input
data and dynamically identifies the K attack paths. The computational time,
based upon the complexity of the attack paths, can be constrained by the
parameter K. Experimental results show that the algorithm is scalable and
efficient.
Keywords: attack path, attack graph, K shortest paths, system security, network security