Attack Graph Generation Method Based On Security Administrator Information

As the network scale and user dependency grow, the maintenance complexity for network system keeps growing too. Network attackers no longer merely aim at a single host or a single vulnerability, instead, attackers use multi-step intrusion, where they first compromise a host and then use it as a step-stone to further compromise the inside network, eventually obtain the privilege of target host and achieve the attack goal.In such situation, the independent vulnerability analysis for network hosts can no longer satisfy the security requirements. Attack graph, being a new tool that can clearly express the network structure, can help network administrators to analyze the correlation within vulnerability, understand the network vulnerability and perform effective compensation. Attack graph has been used to wide range of applications for overall vulnerability in the network analysis. However, the complexity of traditional method for generating attack graphs increases dramatically as the network size grows. To solve this problem, we have to improve the method of generating attack graph, expecting to create simple but effective attack graph.This paper first introduces the network vulnerability scanning technology: Use NESSUS network vulnerability scanner to obtain the existing loopholes in the system. Based on this, a new generation method is introduced from the network administrators'perspective. This method search for the key nodes in the network, then starting from these key nodes, generate the attack graph through the forward and backward searching the key nodes set, then analyze the correlation between key nodes set, combine analysis to create the final attack graph.This paper implemented the attack graph generation prototype system based on the algorithm described above, simulated the graph visualization for attack graph, compared this with the traditional attack graph generation method, verified the feasibility of the algorithm, proved that comparing to the traditional algorithm, the algorithm described in this paper creates attack graph in a more simple and effective way, brings the convenience for follow-up attack graph analysis.