Generation and risk analysis of network attack graph

Abstract

Attack graph describes how an attacker can compromise with network security. To generate the attack graph, we required system as well as vulnerability information. The system information contains scanned data of a network, which is to be analyzed. The vulnerability data contain information about, how exploits can be generated due to multiple vulnerabilities and what effects can be of such exploitation. Multihost multistage vulnerability analysis (MulVAL) tool is used for generating attack graph in this work. MulVAL generated graphs are logical attack graphs based on logical programming and based on dependencies among attack goal and configuration information. The risk of network attack graph is measured through graph topology theoretic properties (connectivity, cycles, and depth), and analysis of possible attacks paths is carried out in this paper.