Identifying Critical Attack Assets in Dependency Attack Gaphs

PDF

Authors
  1. Sawilla, R.
  2. Ou, X.
Corporate Authors
Defence R&D Canada - Ottawa, Ottawa ONT (CAN);Kansas State Univ, Manhattan KS (US)
Abstract
Attack graphs have been proposed as useful tools for analyzing security vulnerabilities in network systems. Even when they are produced efficiently, the size and complexity of attack graphs often prevent a human from fully comprehending the information conveyed. A distillation of this overwhelming amount of information is crucial to aid network administrators in efficiently allocating scarce human and financial resources. This paper introduces AssetRank, a generalization of Google’s PageRank algorithm which ranks web pages in web graphs. AssetRank addresses the unique semantics of dependency attack graphs and incorporates vulnerability data from public databases to compute metrics for the graph vertices (representing attacker privileges and vulnerabilities) which reveal their importance in attacks against the system. We give a stochastic interpretation of the computed values in the context of dependency attack graphs, and conduct experiments on various network scenarios. The results of the experiments show that the numeric ranks given by our algorithm are consistent with the intuitive importance that the privileges and vulnerabilities have to an attacker. The vertex ranks can be used to prioritize countermeasures, help a human reader to better comprehend security problems, and provide input to further security analysis tools.

Il y a un résumé en français ici.

Report Number
DRDC-OTTAWA-TM-2008-180 — Technical Memorandum
Date of publication
01 Sep 2008
Number of Pages
54
DSTKIM No
CA031364
CANDIS No
530199
Format(s):
CD ROM

Permanent link

Document 1 of 1

Date modified: