Abstract

This chapter presents a review of the state of the art on attack graph generation methods and their respective models, a review of possible sources of vulnerability, weakness, and remediation information, a comparative analysis of 15 tools for attack graph generation, and a case study on the implementation of a production-ready system and its challenges. This review mostly covers pre/post-condition attack graph models, as the majority of works in the literature are based on them, and discusses the information needs of each. Fifteen semi-structured vulnerability databases (e.g., the National Vulnerability Database) will be presented in a comparative analysis focused on the richness of their information and their ability to fulfill each model's requirements. Furthermore, the Common Weakness Enumeration list will be briefly presented, as its use can further enrich the expressiveness of the pre/post-condition models. As the main purpose of attack graphs is the calculation of effective remediation actions, a review of possible remediation information sources will be conducted and the possible challenges posed by the information extraction process will be discussed. Finally, a number of attack graph generation tools will be presented from the perspective of their graph building algorithms and information requirements, in conjunction with a case study on the practical challenges faced when implementing a production-ready system.
