A Logic-Based Attack Graph for Analyzing Network Security Risk Against Potential Attack

Title: A Logic-Based Attack Graph for Analyzing Network Security Risk Against Potential Attack
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Yi, F., Cai, H. Y., Xin, F. Z.
Conference Name: 2018 IEEE International Conference on Networking, Architecture and Storage (NAS)
Keywords: attack graph, Attack Graphs, attack path depth, attack path number, attacker, Cognition, Communication networks, composability, Firewalls (computing), generation attack graph, graph theory, LAPA framework, logic-based attack graph, logical language, logical property specification, logical reasoning algorithm, Metrics, model checking, network risk, network security risk, network vulnerability analysis methods, potential attack, pubcrawl, resilience, Resiliency, security of data, Servers, Tools, Vulnerability
Abstract: In this paper, we present LAPA, a framework for automatically analyzing network security risk and generating attack graphs for potential attacks. The key novelty in our work is that we represent the properties of networks and zero-day vulnerabilities, and use a logical reasoning algorithm to generate potential attack paths to determine if the attacker can exploit these vulnerabilities. In order to demonstrate the efficacy, we have implemented the LAPA framework and compared it with three previous network vulnerability analysis methods. Our analysis results have a low rate of false negatives and a lower processing time cost due to the worst-case assumption and logical property specification and reasoning. We have also conducted a detailed study of the efficiency of attack graph generation with different values of attack path number, attack path depth and network size, which affect the processing time the most. We estimate that LAPA can produce high-quality results for a large portion of networks.
Citation Key: yi_logic-based_2018