Rule-based topological vulnerability analysis

Abstract

Attack graphs represent known attack sequences that attackers can use to penetrate computer networks. Recently, many researchers have proposed techniques for automatically generating attack graphs for a given computer network. These techniques either use model checkers to generate attack graphs and suffer from scalability problems, or they are based on an assumption of monotonicity and are unable to represent real-world situations. In this paper, we present a vulnerability analysis technique that is more scalable than model-checker-based solutions and more expressive than monotonicity-based solutions. We represent individual attacks as the transition rules of a rule-based system. We define noninterfering rulesets and present efficient, scalable algorithms for those sets. We then consider arbitrary nonmonotonic rulesets and present a series of optimizations which permit us to perform vulnerability assessment efficiently in most practical cases. We motivate the issues and illustrate our techniques using a substantial example. © Springer-Verlag Berlin Heidelberg 2005.