Title | A Logic-Based Attack Graph for Analyzing Network Security Risk Against Potential Attack |
Publication Type | Conference Paper |
Year of Publication | 2018 |
Authors | Yi, F., Cai, H. Y., Xin, F. Z. |
Conference Name | 2018 IEEE International Conference on Networking, Architecture and Storage (NAS) |
Keywords | attack graph, Attack Graphs, attack path depth, attack path number, attacker, Cognition, Communication networks, composability, Firewalls (computing), generation attack graph, graph theory, LAPA framework, logic-based attack graph, logical language, logical property specification, logical reasoning algorithm, Metrics, model checking, network risk, network security risk, network vulnerability analysis methods, potential attack, pubcrawl, resilience, Resiliency, security of data, Servers, Tools, Vulnerability |
Abstract | In this paper, we present LAPA, a framework for automatically analyzing network security risk and generating attack graphs for potential attacks. The key novelty in our work is that we represent the properties of networks and zero-day vulnerabilities, and use a logical reasoning algorithm to generate potential attack paths to determine if the attacker can exploit these vulnerabilities. In order to demonstrate its efficacy, we have implemented the LAPA framework and compared it with three previous network vulnerability analysis methods. Our analysis results have a low rate of false negatives and a lower cost in processing time due to the worst-case assumption and logical property specification and reasoning. We have also conducted a detailed study of the efficiency of attack graph generation with different values of attack path number, attack path depth and network size, which affect the processing time the most. We estimate that LAPA can produce high-quality results for a large portion of networks. |
DOI | 10.1109/NAS.2018.8515733 |
Citation Key | yi_logic-based_2018 |