GENERATING A MULTIPLE-PREREQUISITE ATTACK GRAPH
First Claim
1. A method to generate an attack graph, comprising:
selecting a first state node as a starting point of a cyber attack, the first state node corresponding to access to a first host in a network;
coupling the first state node to a first prerequisite node having a first precondition satisfied by the first state node using a first edge;
coupling the first prerequisite node to a first vulnerability instance node having a second precondition satisfied by the first prerequisite node using a second edge;
coupling the first vulnerability instance node to a second state node having a third precondition satisfied by the first vulnerability instance node using a third edge;
determining if a potential node, having a fourth precondition satisfied by a current node on the attack graph, provides a fifth precondition equivalent to one of preconditions provided by a group of preexisting nodes, the group of preexisting nodes comprising the first state node, the first vulnerability instance node, the first prerequisite node and the second state node;
if the fifth precondition is equivalent to one of the preconditions provided by the group of preexisting nodes, coupling the current node to a preexisting node providing the precondition equivalent to the fifth precondition using a fourth edge; and
if the fifth precondition is not equivalent to one of the preconditions provided by the group of preexisting nodes, generating the potential node as a new node on the attack graph; and
coupling the new node to the current node using a fifth edge.
Abstract
In one aspect, a method to generate an attack graph includes determining if a potential node provides a first precondition equivalent to one of preconditions provided by a group of preexisting nodes on the attack graph. The group of preexisting nodes includes a first state node, a first vulnerability instance node, a first prerequisite node, and a second state node. The method also includes, if the first precondition is equivalent to one of the preconditions provided by the group of preexisting nodes, coupling a current node to a preexisting node providing the precondition equivalent to the first precondition using a first edge and if the first precondition is not equivalent to one of the preconditions provided by the group of preexisting nodes, generating the potential node as a new node on the attack graph and coupling the new node to the current node using a second edge.
32 Claims
12. A method to generate an attack graph comprising:
determining if a potential node provides a first precondition equivalent to one of preconditions provided by a group of preexisting nodes on the attack graph, the group of preexisting nodes comprising a first state node, a first vulnerability instance node, a first prerequisite node, and a second state node;
if the first precondition is equivalent to one of the preconditions provided by the group of preexisting nodes, coupling a current node on the attack graph to a preexisting node providing the precondition equivalent to the first precondition using a first edge; and
if the first precondition is not equivalent to one of the preconditions provided by the group of preexisting nodes, generating the potential node as a new node on the attack graph and coupling the new node to the current node using a second edge.
Dependent claims: 13, 14, 15
16. A multiple-prerequisite attack graph, comprising:
a first state node corresponding to access to a first host in a network, the first host being a starting point of a cyber attack on the network;
a first prerequisite node coupled to the first state node by a first edge;
a first vulnerability instance node coupled to the first prerequisite node by a second edge and coupled to a second state node by a third edge, the second state node corresponding to access to a second host in the network, the first vulnerability instance node corresponding to a vulnerability instance on a vulnerable port on the second host; and
a current node coupled to one of a group of preexisting nodes by a fourth edge, the one of a group of preexisting nodes satisfying a precondition equivalent to a precondition provided by a potential node, the group of preexisting nodes comprising the first state node, the first vulnerability instance node and the first prerequisite node.
Dependent claims: 17, 18, 19, 20
21. An apparatus to generate an attack graph, comprising:
circuitry to:
couple a first state node to a first prerequisite node having a first precondition satisfied by the first state node using a first edge, the first state node being a starting point of a cyber attack and corresponding to access to a first host in a network;
couple the first prerequisite node to a first vulnerability instance node having a second precondition satisfied by the first prerequisite node using a second edge;
couple the first vulnerability instance node to a second state node having a third precondition satisfied by the first vulnerability instance node using a third edge;
determine if a potential node, having a fourth precondition satisfied by a current node on the attack graph, provides a fifth precondition equivalent to preconditions provided by a group of preexisting nodes, the group of preexisting nodes comprising the first state node, the first vulnerability instance node, the first prerequisite node and the second state node;
if the fifth precondition is equivalent to one of the preconditions provided by the group of preexisting nodes, couple the current node to a preexisting node providing the precondition equivalent to the fifth precondition using a fourth edge; and
if the fifth precondition is not equivalent to one of the preconditions provided by the group of preexisting nodes, generate the potential node as a new node on the attack graph; and
couple the new node to the current node using a fifth edge.
Dependent claims: 22, 23, 24, 25, 26, 27
28. An article comprising a machine-readable medium that stores executable instructions to generate an attack graph, the instructions causing a machine to:
couple a first state node to a first prerequisite node having a first precondition satisfied by the first state node using a first edge, the first state node being a starting point of a cyber attack and corresponding to access to a first host in a network;
couple the first prerequisite node to a first vulnerability instance node having a second precondition satisfied by the first prerequisite node using a second edge;
couple the first vulnerability instance node to a second state node having a third precondition satisfied by the first vulnerability instance node using a third edge;
determine if a potential node, having a fourth precondition satisfied by a current node on the attack graph, provides a fifth precondition equivalent to preconditions provided by a group of preexisting nodes, the group of preexisting nodes comprising the first state node, the first vulnerability instance node, the first prerequisite node and the second state node;
if the fifth precondition is equivalent to one of the preconditions provided by the group of preexisting nodes, couple the current node to a preexisting node providing the precondition equivalent to the fifth precondition using a fourth edge; and
if the fifth precondition is not equivalent to one of the preconditions provided by the group of preexisting nodes, generate the potential node as a new node on the attack graph; and
couple the new node to the current node using a fifth edge.
Dependent claims: 29, 30, 31, 32
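Claims 1 and 12 describe one construction procedure: expand from a state node through prerequisite and vulnerability instance nodes, and before creating any node check whether an existing node already provides the same precondition, linking to it instead. The following is an added Python example (not the patent's or its assignee's code) that runs that procedure on a constructed three-host network for defensive risk modelling; the node keys, the REACHABLE and VULNS tables and the vulnerability identifiers are assumptions, not values from the patent.

```python
from collections import deque

# Constructed sample network (not from the patent): which (host, port) pairs a
# host with a given access level can reach, and which vulnerability instances
# exist on each (host, port). Identifiers are placeholders, not real CVEs.
REACHABLE = {
    "attacker": [("web", 80), ("web", 22)],
    "web":      [("db", 3306), ("web", 22)],
    "db":       [("web", 80), ("web", 22)],
}
VULNS = {
    ("web", 80):  ["VULN-WEB-1"],
    ("db", 3306): ["VULN-DB-1"],
}

def build_attack_graph(start_host):
    """Multiple-prerequisite attack graph: a node is identified by the
    precondition it provides, so a prerequisite reached from several state
    nodes is one shared node with several incoming edges, not one copy per
    attack path. Node keys: ("state", host), ("prereq", host, port),
    ("vuln", host, port, vuln_id)."""
    nodes = set()
    edges = set()            # (from_key, to_key)
    work = deque()

    def link(current, potential):
        """The claim's equivalence check: if a preexisting node provides the
        same precondition, only add an edge to it; otherwise create the node
        and add the edge. Returns True when the node is new."""
        is_new = potential not in nodes
        nodes.add(potential)
        edges.add((current, potential))
        return is_new

    start = ("state", start_host)           # first state node: starting foothold
    nodes.add(start)
    work.append(start)
    while work:
        state = work.popleft()
        for host, port in REACHABLE.get(state[1], []):
            prereq = ("prereq", host, port)
            if not link(state, prereq):
                continue                    # shared node, already expanded
            for vuln_id in VULNS.get((host, port), []):
                vuln = ("vuln", host, port, vuln_id)
                if not link(prereq, vuln):
                    continue
                new_state = ("state", host)  # exploiting the instance grants access
                if link(vuln, new_state):
                    work.append(new_state)  # new access level: expand it later
    return nodes, edges
```

On the sample network the graph has 8 nodes and 10 edges; the prerequisite node for web:22 is created once and receives edges from all three state nodes, which is the size reduction the multiple-prerequisite form is designed to give.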
Specification