A Scalable Attack Graph Generation for Network Security Management
Akinyemi B.O; Jekoyemi O.V; Aladesanmi T.A; Aderounmu G.A; Kamagaté B.H

As the dependencies on network system is increasing, such systems are vulnerable and are exposed to different attacks due to some software misconfigurations, software flaws and operating system service malfunctions. Network managers often rely on Attack Graphs to visually perform security risk assessment on the network systems. The Attack Graphs are very cumbersome to visually understand as they grow exponentially when the size of the network increases or the number of hosts‟ vulnerabilities increases in a network. This paper addresses the scalability issues of Attack Graph generation by leveraging on graph theory background. MulVAL and Nessus scanners tools were employed for the generation of Attack Graphs and network information mapping respectively. A computational algorithm that is capable of handling cycles was formulated. A valid path detection algorithm was also formulated to determine the most critical and valid paths needed within an Attack Graph for the purpose network security risk assessment. The results showed that the proposed model alleviates redundancy in Attack Graphs. This will assist the security administrator in making reasonable decision on the security risk management of the network systems.

Full Text: PDF     DOI: 10.15640/jcsit.v6n2a4