Hosts-Based Attack Graphs and Risk Ranking
This thesis research works on risk assessment of computer networks. Defining an attack model is normally the first step to conduct network risk assessment. An attack graph is built from the attack model. In order to assess the risk in a computer host comprehensively, instead of using a node to represents a potential state that an attack may precede in and the edge between a pair of nodes shows a potential movement from one state to next state, a multiple attack graph is used, where a node represents a computer host which can contain a set of states and the multiple edges can exist between a pair of nodes and each edge shows a potential movement from one state to next state between to two hosts. We introduce host importance to the security model which is determined by the users, data, and services in the host. After the attack graph is built, the risk assessment is performed by ranking the attack graph. The ranking is performed though evaluating the paths in the graph that an attacker may use to attack the targets easiest most valuable under some mild assumptions. A risk ranking system is built to dynamically access the risk at each host in the network. The test and evaluation show that attack graph and algorithm can effectively work well.
"Hosts-Based Attack Graphs and Risk Ranking"
ETD Collection for Tennessee State University.