K maximum probability attack paths dynamic generation algorithm

Bi,  Kun; Han,  Dezhi; Wang,  Jun

National library of Serbia

About the journal

Editorial policy

Instructions for authors

Cobiss

All issues

Computer Science and Information Systems 2016 Volume 13, Issue 2, Pages: 677-689
https://doi.org/10.2298/CSIS160227022B
Full text ( 168 KB)
Cited by

K maximum probability attack paths dynamic generation algorithm

Bi Kun (Shanghai Maritime University, College of Information Engineering, Shanghai, China)
Han Dezhi (Shanghai Maritime University, College of Information Engineering, Shanghai, China)
Wang Jun (Shanghai Maritime University, College of Information Engineering, Shanghai, China)

An attack graph depicts multiple-step attack and provides a description of system security vulnerabilities. It illustrates critical information necessary to identify potential weaknesses and areas for enhanced defense. Attack graphs include multiple attack paths, which are a focus for further detailed analysis and risk mitigation. Considering that different vulnerabilities have different probabilities of being exploited, this paper proposes an algorithm to dynamically generate the top K attack paths with maximum probabilities for every node of a system. The proposed algorithm does not require generation of the full attack graph to calculate the K attack paths. Instead, it directly processes and analyzes the system input data and dynamically identifies the K attack paths. The computational time, based upon the complexity of the attack paths, can be constrained by the parameter K. Experimental results show that the algorithm is scalable and efficient.

Keywords: attack path, attack graph, K shortest paths, system security, network security

doiSerbia