An empirical test of the accuracy of an attack graph analysis tool
Umeå University, Faculty of Science and Technology, Department of Computing Science.
2015 (English). In: Information & Computer Security, ISSN 2056-4961, Vol. 23, no 5, p. 516-531. Article in journal (Refereed). Published
Abstract [en]

Purpose - The purpose of this paper is to test the practical utility of attack graph analysis. Attack graphs have been proposed as a viable solution to many problems in computer network security management. After individual vulnerabilities are identified with a vulnerability scanner, an attack graph can relate the individual vulnerabilities to the possibility of an attack and subsequently analyze and predict which privileges attackers could obtain through multi-step attacks (in which multiple vulnerabilities are exploited in sequence).

Design/methodology/approach - The attack graph tool, MulVAL, was fed information from the vulnerability scanner Nexpose and network topology information from 8 fictitious organizations containing 199 machines. Two teams of attackers attempted to infiltrate these networks over the course of two days and reported which machines they compromised and which attack paths they attempted to use. Their reports are compared to the predictions of the attack graph analysis.

Findings - The prediction accuracy of the attack graph analysis was poor. Attackers were more than three times as likely to compromise a host predicted as impossible to compromise compared to a host that was predicted as possible to compromise. Furthermore, 29 per cent of the hosts predicted as impossible to compromise were compromised during the two days. The inaccuracy of the vulnerability scanner and MulVAL's interpretation of vulnerability information are primary reasons for the poor prediction accuracy.

Originality/value - Although considerable research contributions have been made to the development of attack graphs, and several analysis methods have been proposed using attack graphs, the extant literature does not describe any tests of their accuracy under realistic conditions.

Place, publisher, year, edition, pages
Emerald Group Publishing Limited, 2015. Vol. 23, no 5, p. 516-531
Keywords [en]
Assessments, Security, Computer security, Computer networks, Attack graphs
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:umu:diva-142807
DOI: 10.1108/ICS-06-2014-0036
ISI: 000218516600004
OAI: oai:DiVA.org:umu-142807
DiVA, id: diva2:1166578
Available from: 2017-12-15. Created: 2017-12-15. Last updated: 2017-12-15. Bibliographically approved

Open Access in DiVA

No full text in DiVA
