Skip to Main Content
As network components are often highly interdependent and interconnected,an adversary outside can take advantage of multiple vulnerabilities in unexpected ways, incrementally penetrate a network and compromise critical systems. Attack graph is commonly used for analyzing network security level for its capability in reflecting all network vulnerabilities and their inter relationships. However, attack graph assumes an over pessimistic situation by giving the attacker unlimited power of exploiting each chain of vulnerabilities in the network, leading the complexity of analyzing to grow exponentially with the size of network. Therefore, the weakest paths suggested by such analysis could be inaccurate for adversary with limited computation power. In this paper, we investigate how attackers are planning to exploit vulnerabilities towards their targets and present the idea of a goal-oriented analysis of attack graph to address this problem. We give algorithms for analyzing network vulnerabilities, predicting attackers's potential target, and giving suggestions on patching the weakest nodes based on attackers' targets.
Date of Conference: 21-23 April 2010