NetSecuritas: An Integrated Attack Graph-Based Security Assessment Tool for Enterprise Networks
Abstract
Sophisticated cyber-attacks have become prominent with the growth of the Internet and web technology. Such attacks are multi-stage ones, and correlate vulnerabilities on intermediate hosts to compromise an otherwise well-protected critical resource. Conventional security assessment approaches can leave out some complex scenarios generated by these attacks. In the literature, these correlated attacks have been modeled using attack graphs. Although a few attack graph-based network security assessment tools are available, they are either commercial products or developed using proprietary databases. In this paper, we develop a customized tool, NetSecuritas, which implements a novel heuristic-based attack graph generation algorithm and integrates different phases of network security assessment. NetSecuritas leverages open-source libraries, tools and publicly available databases. A cost-driven mitigation strategy has also been proposed to generate network security recommendations. Experimental results establish the efficacy of both the attack graph generation and the mitigation approach.
Recommended Citation
N. Ghosh et al., "NetSecuritas: An Integrated Attack Graph-Based Security Assessment Tool for Enterprise Networks," Proceedings of the 2015 International Conference on Distributed Computing and Networking (2015, Goa, India), Association for Computing Machinery (ACM), Jan 2015.
The definitive version is available at https://doi.org/10.1145/2684464.2684494
Meeting Name
2015 International Conference on Distributed Computing and Networking, ICDCN '15 (2015: Jan. 4-7, Goa, India)
Department(s)
Computer Science
Keywords and Phrases
Complex networks; Computer crime; Distributed computer systems; Graphic methods; Attack graph; Attack graph generation algorithms; Commercial products; Mitigation strategy; Open-source libraries; Penetration testing; Security assessment; Vulnerability assessments; Network security
International Standard Book Number (ISBN)
978-1-4503-2928-6
Document Type
Article - Conference proceedings
Document Version
Citation
File Type
text
Language(s)
English
Rights
© 2015 Association for Computing Machinery (ACM), All rights reserved.
Publication Date
01 Jan 2015
Comments
The work is partially supported by a research grant from the Department of Electronics and Information Technology (DeitY), Ministry of Communication and Information Technology, Government of India under Grant No. 12(14)/09-ESD, dated 11-Jan-2010. The work of S. K. Das is partially supported by the US National Science Foundation under Award Numbers CNS-1404677 and DGE-1433659.