Attack Graph-Based Approach For Enterprise Networks Security Analysis

Abstract

Network administrators are always faced with numerous challenges of identifying threats and in retrospect, securing the organization’s network. The classical approach of identifying the vulnerability in the network is by using commercially developed tools that do not take into cognisance vulnerability interaction between network elements and their behavioral pattern.Therefore, network administrators have to take a hollistic methods to identify vulnerability interrelationships to be captured by an attack graph which will help in identifying all possible ways an attacker would have access to critical resources. The objective therefore is to design an attack graph–based approach for analyzing security vulnerabilities in enterprise networks, implement and evaluate performance of the approach. This work proposes an attack graph network security analyser based. The attack graph directly illustrates logical dependencies among attack goals and configuration information. In the attack graph, a node in the graph is a logical statement and an edge in the graph is represented by causality relation between network configurations and an attacker’s potential privileges. The benchmark is just a collection of Datalog tuples representing the configuration of the synthesized networks, the graph generation CPU time was compared to Sheyner attack graph toolkit. The result in the graph shows the comparison of the graph builder CPU time for the case of a fully connected network and 5 vulnerabilities per host which shows Sheyner’s tools grows exponentially.Some important contributions of this work include establishing an attack graph–based approach for enterprise networks security analysis that can capture generic security interactions and specify security relevant configuration information.