An empirical test of the accuracy of an attack graph analysis tool. (9th November 2015)
- Record Type:
- Journal Article
- Title:
- An empirical test of the accuracy of an attack graph analysis tool. (9th November 2015)
- Main Title:
- An empirical test of the accuracy of an attack graph analysis tool
- Authors:
- Sommestad, Teodor
- Sandström, Fredrik
- Abstract:
- Purpose: The purpose of this paper is to test the practical utility of attack graph analysis. Attack graphs have been proposed as a viable solution to many problems in computer network security management. After individual vulnerabilities are identified with a vulnerability scanner, an attack graph can relate the individual vulnerabilities to the possibility of an attack and subsequently analyze and predict which privileges attackers could obtain through multi-step attacks (in which multiple vulnerabilities are exploited in sequence). Design/methodology/approach: The attack graph tool, MulVAL, was fed information from the vulnerability scanner Nexpose and network topology information from 8 fictitious organizations containing 199 machines. Two teams of attackers attempted to infiltrate these networks over the course of two days and reported which machines they compromised and which attack paths they attempted to use. Their reports are compared to the predictions of the attack graph analysis. Findings: The prediction accuracy of the attack graph analysis was poor. Attackers were more than three times as likely to compromise a host predicted as impossible to compromise as a host that was predicted as possible to compromise. Furthermore, 29 per cent of the hosts predicted as impossible to compromise were compromised during the two days. The inaccuracy of the vulnerability scanner and MulVAL's interpretation of vulnerability information are primary reasons for the poor prediction accuracy. Originality/value: Although considerable research contributions have been made to the development of attack graphs, and several analysis methods have been proposed using attack graphs, the extant literature does not describe any tests of their accuracy under realistic conditions. …
- Is Part Of:
- Information and computer security. Volume 23:Number 5(2015)
- Journal:
- Information and computer security
- Issue:
- Volume 23:Number 5(2015)
- Issue Display:
- Volume 23, Issue 5 (2015)
- Year:
- 2015
- Volume:
- 23
- Issue:
- 5
- Issue Sort Value:
- 2015-0023-0005-0000
- Page Start:
- 516
- Page End:
- 531
- Publication Date:
- 2015-11-09
- Subjects:
- Assessments -- Security -- Computer security -- Computer networks -- Attack graphs
- Computer security -- Management -- Periodicals
- Computer networks -- Security measures -- Periodicals
- Data protection -- Management -- Periodicals
- 658.47
- Journal URLs:
- http://www.emeraldinsight.com/loi/ics
- http://www.emeraldinsight.com/
- DOI:
- 10.1108/ICS-06-2014-0036
- Languages:
- English
- ISSNs:
- 2056-4961
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 4481.796000
- British Library DSC - BLDSS-3PM
- British Library HMNTS - ELD Digital store
- Ingest File:
- 8127.xml