Intelligent Attack Graph Generator Adapting to Large Vulnerability Information
碩士 === 中原大學 === 資訊工程研究所 === 91 === Vulnerability analysis is important to ensure the security of a network environment. Critical services in a network environment with vulnerabilities are vulnerable if there are attack paths leading to the services. Many tools based on graph theory have been propose...
| Main Authors: | , |
|---|---|
| Other Authors: | |
| Format: | Others |
| Language: | zh-TW |
| Published: |
2003
|
| Online Access: | http://ndltd.ncl.edu.tw/handle/4n7f8w |
| id |
ndltd-TW-091CYCU5392003 |
|---|---|
| record_format |
oai_dc |
| spelling |
ndltd-TW-091CYCU53920032018-06-25T06:06:25Z http://ndltd.ncl.edu.tw/handle/4n7f8w Intelligent Attack Graph Generator Adapting to Large Vulnerability Information 適應於多量弱點資訊之智慧型攻擊圖形產生器 Chung-Yin Lin 林崇頤 碩士 中原大學 資訊工程研究所 91 Vulnerability analysis is important to ensure the security of a network environment. Critical services in a network environment with vulnerabilities are vulnerable if there are attack paths leading to the services. Many tools based on graph theory have been proposed to discover the possible attack paths through which an attacker may exploit to reach his final goal. Although automated tools to find all possible attack paths are available, they require manual effort and expert knowledge to describe the one-step attack templates before computerized model checking procedure can be performed. As the amount of vulnerabilities discovered doubles exponentially every year, the configuration change in network occurs more and more often, and the softwares installed to individual system varies from time to time, an attack graph generation system which demands little manual effort and expert knowledge is desirable. In this thesis, an intelligent attack graph generator is proposed. In this attack graph generator, vulnerability information is derived from data collected from authoritative sources. The configuration and the software installation information are gathered through a reporting mechanism. Both are automatic procedures. The resulted information constitutes the primitive facts about the environment. A set of rules is derived to model the expert knowledge central to the derivation of the one-step attack templates. By utilizing the influence rules to analyze the primitive facts, the one-step attack templates can be generated and the possible attack paths can be explored in a fully automated process. The intelligent attack graph generator has been implemented, and experiments have been conducted to verify the correctness of the proposed scheme. Hsiao-Rong Tyan 田筱榮 2003 學位論文 ; thesis 68 zh-TW |
| collection |
NDLTD |
| language |
zh-TW |
| format |
Others
|
| sources |
NDLTD |
| description |
碩士 === 中原大學 === 資訊工程研究所 === 91 === Vulnerability analysis is important to ensure the security of a network environment. Critical services in a network environment with vulnerabilities are vulnerable if there are attack paths leading to the services. Many tools based on graph theory have been proposed to discover the possible attack paths through which an attacker may exploit to reach his final goal. Although automated tools to find all possible attack paths are available, they require manual effort and expert knowledge to describe the one-step attack templates before computerized model checking procedure can be performed. As the amount of vulnerabilities discovered doubles exponentially every year, the configuration change in network occurs more and more often, and the softwares installed to individual system varies from time to time, an attack graph generation system which demands little manual effort and expert knowledge is desirable. In this thesis, an intelligent attack graph generator is proposed. In this attack graph generator, vulnerability information is derived from data collected from authoritative sources. The configuration and the software installation information are gathered through a reporting mechanism. Both are automatic procedures. The resulted information constitutes the primitive facts about the environment. A set of rules is derived to model the expert knowledge central to the derivation of the one-step attack templates. By utilizing the influence rules to analyze the primitive facts, the one-step attack templates can be generated and the possible attack paths can be explored in a fully automated process. The intelligent attack graph generator has been implemented, and experiments have been conducted to verify the correctness of the proposed scheme.
|
| author2 |
Hsiao-Rong Tyan |
| author_facet |
Hsiao-Rong Tyan Chung-Yin Lin 林崇頤 |
| author |
Chung-Yin Lin 林崇頤 |
| spellingShingle |
Chung-Yin Lin 林崇頤 Intelligent Attack Graph Generator Adapting to Large Vulnerability Information |
| author_sort |
Chung-Yin Lin |
| title |
Intelligent Attack Graph Generator Adapting to Large Vulnerability Information |
| title_short |
Intelligent Attack Graph Generator Adapting to Large Vulnerability Information |
| title_full |
Intelligent Attack Graph Generator Adapting to Large Vulnerability Information |
| title_fullStr |
Intelligent Attack Graph Generator Adapting to Large Vulnerability Information |
| title_full_unstemmed |
Intelligent Attack Graph Generator Adapting to Large Vulnerability Information |
| title_sort |
intelligent attack graph generator adapting to large vulnerability information |
| publishDate |
2003 |
| url |
http://ndltd.ncl.edu.tw/handle/4n7f8w |
| work_keys_str_mv |
AT chungyinlin intelligentattackgraphgeneratoradaptingtolargevulnerabilityinformation AT línchóngyí intelligentattackgraphgeneratoradaptingtolargevulnerabilityinformation AT chungyinlin shìyīngyúduōliàngruòdiǎnzīxùnzhīzhìhuìxínggōngjītúxíngchǎnshēngqì AT línchóngyí shìyīngyúduōliàngruòdiǎnzīxùnzhīzhìhuìxínggōngjītúxíngchǎnshēngqì |
| _version_ |
1718705968611590144 |