A Host-Based Approach to Network Attack Chaining Analysis

Tucson, Arizona December 05-December 09

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.6

21st Annual Computer Security Applica ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Paul Ammann Articles by Joseph Pamula Articles by Julie Street Articles by Ronald Ritchey

	ASCII Text	x
	Paul Ammann, Joseph Pamula, Julie Street, Ronald Ritchey, "A Host-Based Approach to Network Attack Chaining Analysis," Computer Security Applications Conference, Annual, pp. 72-84, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005.

	BibTex	x
	@article{ 10.1109/CSAC.2005.6, author = {Paul Ammann and Joseph Pamula and Julie Street and Ronald Ritchey}, title = {A Host-Based Approach to Network Attack Chaining Analysis}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2005}, issn = {1063-9527}, pages = {72-84}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2005.6}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - A Host-Based Approach to Network Attack Chaining Analysis SN - 1063-9527 SP72 EP84 A1 - Paul Ammann, A1 - Joseph Pamula, A1 - Julie Street, A1 - Ronald Ritchey, PY - 2005 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

Paul Ammann, ISE Department George Mason University

Joseph Pamula, Center for Secure Information Systems George Mason University

Julie Street, ISE Department George Mason University

Ronald Ritchey, Booz Allen & Hamilton

The typical means by which an attacker breaks into a network is through a chain of exploits, where each exploit in the chain lays the groundwork for subsequent exploits. Such a chain is called an attack path, and the set of all possible attack paths form an attack graph. Researchers have proposed a variety of methods to generate attack graphs. In this paper, we provide a novel alternative approach to network vulnerability analysis by utilizing a penetration tester?s perspective of maximal level of penetration possible on a host. Our approach has the following benefits: it provides a more intuitive model in which an analyst can work, and its algorithmic complexity is polynomial in the size of the network, and so has the potential of scaling well to practical networks. The drawback is that we track only "good" attack paths, as opposed to all possible attack paths. Hence, an analyst may make suboptimal choices when repairing the network. Since attack graphs grow exponentially with the size of the network, we argue that suboptimal solutions are an unavoidable cost of scalability, and hence practical utility. A working prototype tool has been implemented to demonstrate the practicality of our approach.

Citation:

Paul Ammann, Joseph Pamula, Julie Street, Ronald Ritchey, "A Host-Based Approach to Network Attack Chaining Analysis," acsac, pp.72-84, 21st Annual Computer Security Applications Conference (ACSAC'05), 2005

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.