### Abstract

The growth in the size of networks and the number of vulnerabilities is increasingly challenging to manage network security. Especially, difficult to manage are multi-step attacks which are attacks using one or more vulnerabilities as stepping stones. Attack graphs are widely used for analyzing multi-step attacks. However, since these graphs had large sizes, it was too expensive to work with. In this paper, we propose a mechanism to manage attack graphs using a divide and conquer approach. To enhance efficiency of risk analyzer working with attack graphs, we converted a large graph to multiple sub-graphs named risk units and provide the light-weighted graphs to the analyzers. As a result, when k order of time complexity algorithms work with an attack graph with n vertices, a division having c of overhead vertices reduces the workloads from n^{k} to r(n+c)^{k} And the coefficient r becomes smaller geometrically from 2^{-k} depended on their division rounds. By this workload reduction, risk assessment processes which work with large size attack graphs become more scalable and resource practical.

Original language | English |
---|---|

Title of host publication | 2009 International Conference on Information Networking, ICOIN 2009 |

Publication status | Published - 2009 Dec 1 |

Event | 2009 International Conference on Information Networking, ICOIN 2009 - Chiang Mai, Thailand Duration: 2009 Jan 21 → 2009 Jan 24 |

### Other

Other | 2009 International Conference on Information Networking, ICOIN 2009 |
---|---|

Country | Thailand |

City | Chiang Mai |

Period | 09/1/21 → 09/1/24 |

### Fingerprint

### ASJC Scopus subject areas

- Computational Theory and Mathematics
- Computer Networks and Communications
- Hardware and Architecture

### Cite this

*2009 International Conference on Information Networking, ICOIN 2009*[4897263]

**Scalable attack graph for risk assessment.** / Lee, Jehyun; Leet, Heejo; In, Hoh.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*2009 International Conference on Information Networking, ICOIN 2009.*, 4897263, 2009 International Conference on Information Networking, ICOIN 2009, Chiang Mai, Thailand, 09/1/21.

}

TY - GEN

T1 - Scalable attack graph for risk assessment

AU - Lee, Jehyun

AU - Leet, Heejo

AU - In, Hoh

PY - 2009/12/1

Y1 - 2009/12/1

N2 - The growth in the size of networks and the number of vulnerabilities is increasingly challenging to manage network security. Especially, difficult to manage are multi-step attacks which are attacks using one or more vulnerabilities as stepping stones. Attack graphs are widely used for analyzing multi-step attacks. However, since these graphs had large sizes, it was too expensive to work with. In this paper, we propose a mechanism to manage attack graphs using a divide and conquer approach. To enhance efficiency of risk analyzer working with attack graphs, we converted a large graph to multiple sub-graphs named risk units and provide the light-weighted graphs to the analyzers. As a result, when k order of time complexity algorithms work with an attack graph with n vertices, a division having c of overhead vertices reduces the workloads from nk to r(n+c)k And the coefficient r becomes smaller geometrically from 2-k depended on their division rounds. By this workload reduction, risk assessment processes which work with large size attack graphs become more scalable and resource practical.

AB - The growth in the size of networks and the number of vulnerabilities is increasingly challenging to manage network security. Especially, difficult to manage are multi-step attacks which are attacks using one or more vulnerabilities as stepping stones. Attack graphs are widely used for analyzing multi-step attacks. However, since these graphs had large sizes, it was too expensive to work with. In this paper, we propose a mechanism to manage attack graphs using a divide and conquer approach. To enhance efficiency of risk analyzer working with attack graphs, we converted a large graph to multiple sub-graphs named risk units and provide the light-weighted graphs to the analyzers. As a result, when k order of time complexity algorithms work with an attack graph with n vertices, a division having c of overhead vertices reduces the workloads from nk to r(n+c)k And the coefficient r becomes smaller geometrically from 2-k depended on their division rounds. By this workload reduction, risk assessment processes which work with large size attack graphs become more scalable and resource practical.

UR - http://www.scopus.com/inward/record.url?scp=77951428960&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=77951428960&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:77951428960

SN - 9788996076131

BT - 2009 International Conference on Information Networking, ICOIN 2009

ER -