Skip to Main Content
Attack graph plays an important role in network security, as it directly shows the existence of vulnerabilities in network and how attackers use these vulnerabilities to implement an effective attack, the analysis on the attack graph or the simulation of dynamic attacks through attack graph can help us easily find out the vulnerabilities in network, and take corresponding security measures, in order to strengthen network security. Previous attack graph generation methods are generally not suitable for large network, because of their high complexity of time, high consumption of space, and the large scale of attack graphs. Based on substantive analysis of the vulnerabilities in network, this paper describes a model for automatically generating and analyzing network attack graph. Besides, a prototype system bases on this model has been designed. At last, this prototype system was tested by a model network we built, and it was proved to be simple, flexible, and efficient.