Integrated Graphical Models for Efficient and Practical Network Attack Damage Assessment

We propose integrated graphical models for automatic network attack damage assessment. Graphical models can be powerful in representation, analysis and visualization. The model development is divided into two levels. At the lower level, the focus is on network/system security analysis, and the unique graphical models we will develop are called attack graphs. State-of-the-art attack graphs are either extremely unscalable to be practical or too simplistic to be powerful, and they only support static security analysis. Our proposed attack graph model, in contrast, is scalable, practical, powerful in analysis, and can efficiently provide situational awareness, prediction into the future, and optimized action planning. At the higher level, the graphical models capture the inherent dependency relationship of applications on networks/systems, and of missions on applications. By separating the modeling process and introducing the interfaces for integration, our proposed approach enables independent graphical model development at different levels and at the same time ensures interoperability. To our best knowledge, this is the first work that supports dynamic security analysis and integrates different levels of graphical models for coherent enterprise-wide network attack damage assessment. The developed models will be implemented into an automated software tool to aid the administrators in normal and attack situations.