Study of Generating Attack Graph based on Privilege Escalation for Computer Networks
All current vulnerability assessment tools can only locate individual vulnerabilities on a single host, without considering the correlated effect of these vulnerabilities. To address this issue, this paper proposes a method of generating attack graphs based on privilege escalation. Vulnerabilities and known attacks, together with their prerequisites and consequences, are modeled using predicate logic theory and are correlated so that attack graphs can be constructed automatically, drawing on the strong operational power of an RDBMS. The test results show that this system can discover security problems that are undetectable when the hosts in a network are only assessed individually, without simulating attacks. As an application based on a relational database, it can be easily integrated with other RDBMS-based security tools.
network security; vulnerability; predicate logic; attack graph; relational database management system
Xiuzhen Chen, Jianhua Li, Shaojun Zhang
School of Information Security Engineering, Shanghai Jiaotong University, Shanghai, China
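International conference
Guangzhou
English
2008-11-19 (date first made available online on the Wanfang platform; this is not the paper's publication date)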