GENERATING A MULTIPLE-PREREQUISITE ATTACK GRAPH
Abstract
In one aspect, a method to generate an attack graph includes determining if a potential node provides a first precondition equivalent to one of preconditions provided by a group of preexisting nodes on the attack graph. The group of preexisting nodes includes a first state node, a first vulnerability instance node, a first prerequisite node, and a second state node. The method also includes, if the first precondition is equivalent to one of the preconditions provided by the group of preexisting nodes, coupling a current node to a preexisting node providing the precondition equivalent to the first precondition using a first edge and if the first precondition is not equivalent to one of the preconditions provided by the group of preexisting nodes, generating the potential node as a new node on the attack graph and coupling the new node to the current node using a second edge.
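The abstract describes the node-merging rule that keeps a multiple-prerequisite attack graph from growing into one subtree per attack path: before a potential node is added, the generator checks whether any existing state, prerequisite or vulnerability-instance node already provides the same precondition, and if so it simply adds an edge to that node. The following is an added illustration, not code from the patent or its assignee: a small generator that keys every node by the precondition it provides and applies that rule at each of the three steps (state to prerequisite, prerequisite to vulnerability instance, vulnerability instance to state). The network model (host names, ports, vulnerability identifiers and reachability rules) is constructed for the example and carries no meaning beyond it.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass
class AttackGraph:
    """Multiple-prerequisite attack graph.

    Nodes are keyed by the precondition they provide, so no two nodes can
    provide the same precondition; that is what makes the graph compact.
    """
    nodes: dict = field(default_factory=dict)   # precondition key -> node kind
    edges: set = field(default_factory=set)     # (source key, destination key)
    reused: int = 0                             # how often an existing node was linked instead of created

    def add_or_link(self, current, kind, key):
        """The rule from the abstract: if an existing node already provides the
        precondition `key`, couple `current` to it with a new edge; otherwise
        create the node and couple `current` to the new node.
        Returns (key, created)."""
        created = key not in self.nodes
        if created:
            self.nodes[key] = kind
        else:
            self.reused += 1
        self.edges.add((current, key))
        return key, created


# Constructed sample network (assumption for the example, not from the patent).
# reachability: source host -> set of (destination host, port) it can connect to
REACH = {
    "attacker": {("web", 80)},
    "web": {("db", 3306), ("fileserver", 445)},
    "db": {("fileserver", 445)},
    "fileserver": set(),
}
# vulnerability instances: (host, port) -> list of (vulnerability id, access level gained)
VULNS = {
    ("web", 80): [("V-web-rce", "user")],
    ("db", 3306): [("V-db-auth-bypass", "root")],
    ("fileserver", 445): [("V-smb-rce", "root")],
}


def generate_attack_graph(reach, vulns, start_host, start_level="user"):
    """Breadth-first generation from a starting state node (access to start_host).

    state node: ("state", host, level)          attacker holds `level` on `host`
    prerequisite node: ("prereq", host, port)   attacker can reach host:port
    vulnerability node: ("vuln", host, port, id) a vulnerability instance on that port
    """
    g = AttackGraph()
    start = ("state", start_host, start_level)
    g.nodes[start] = "state"                    # first state node: the attack's starting point
    work = deque([start])
    while work:
        state = work.popleft()
        src_host = state[1]
        for dst_host, port in sorted(reach.get(src_host, ())):
            # prerequisite satisfied by the current state: reachability to dst_host:port
            prereq, created = g.add_or_link(state, "prereq", ("prereq", dst_host, port))
            if not created:
                continue    # the subtree beneath this prerequisite was already expanded
            for vuln_id, level in vulns.get((dst_host, port), ()):
                # vulnerability instance node: its only precondition is the prerequisite above it
                vnode, _ = g.add_or_link(prereq, "vuln", ("vuln", dst_host, port, vuln_id))
                # exploiting it yields a state node; an equivalent state may already exist
                new_state, created = g.add_or_link(vnode, "state", ("state", dst_host, level))
                if created:
                    work.append(new_state)
    return g


def compromised(g):
    """(host, level) pairs the attacker can reach, read off the state nodes."""
    return {(key[1], key[2]) for key, kind in g.nodes.items() if kind == "state"}


def vuln_nodes_have_one_successor(g):
    """Property stated in claim 30: each vulnerability instance node has a single
    directed edge to exactly one state node."""
    for key, kind in g.nodes.items():
        if kind != "vuln":
            continue
        successors = [dst for src, dst in g.edges if src == key]
        if len(successors) != 1 or g.nodes[successors[0]] != "state":
            return False
    return True


if __name__ == "__main__":
    graph = generate_attack_graph(REACH, VULNS, "attacker")
    print(len(graph.nodes), "nodes,", len(graph.edges), "edges,", graph.reused, "merged")
    print(sorted(compromised(graph)))
```

In the sample network both the web host and the db host can reach fileserver:445. A generator without the equivalence check would build a second prerequisite, vulnerability and state subtree for the file server under the db state; here the db state is instead coupled to the existing fileserver:445 prerequisite node with one edge, which is the `reused` counter firing once.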
19 Citations
31 Claims
1. A computer-implemented method to generate an attack graph, the method comprising:
generating a first state node representing a starting point of a cyber attack and corresponding to access to a first host in a network;
generating a first directed edge from the first state node to a first prerequisite node, the first prerequisite node having a first precondition satisfied by the first state node;
generating a second directed edge from the first prerequisite node to a first vulnerability instance node, the first vulnerability instance node having a second precondition satisfied by the first prerequisite node;
generating a third directed edge from the first vulnerability instance node to a second state node, the second state node having a third precondition satisfied by the first vulnerability instance node; and
determining if a potential node, having a fourth precondition satisfied by a current node on the attack graph, provides a fifth precondition equivalent to one of preconditions provided by a group of preexisting nodes, the group of preexisting nodes comprising:
the first state node;
the first vulnerability instance node;
the first prerequisite node; and
the second state node.
(Dependent claims 2 to 16 not shown.)

17. An apparatus to generate an attack graph, comprising:
circuitry to:
generate a first state node representing a starting point of a cyber attack and corresponding to access to a first host in a network;
generate a first directed edge from the first state node to a first prerequisite node, the first prerequisite node having a first precondition satisfied by the first state node;
generate a second directed edge from the first prerequisite node to a first vulnerability instance node, the first vulnerability instance node having a second precondition satisfied by the first prerequisite node;
generate a third directed edge from the first vulnerability instance node to a second state node, the second state node having a third precondition satisfied by the first vulnerability instance node; and
determine if a potential node, having a fourth precondition satisfied by a current node on the attack graph, provides a fifth precondition equivalent to one of preconditions provided by a group of preexisting nodes, the group of preexisting nodes comprising the first state node, the first vulnerability instance node, the first prerequisite node and the second state node.
(Dependent claims 18 to 20 not shown.)

21. An article comprising:
a non-transitory machine-readable medium that stores executable instructions to generate an attack graph, the instructions causing a machine to:
generate a first state node representing a starting point of a cyber attack and corresponding to access to a first host in a network;
generate a first directed edge from the first state node to a first prerequisite node, the first prerequisite node having a first precondition satisfied by the first state node;
generate a second directed edge from the first prerequisite node to a first vulnerability instance node, the first vulnerability instance node having a second precondition satisfied by the first prerequisite node;
generate a third directed edge from the first vulnerability instance node to a second state node, the second state node having a third precondition satisfied by the first vulnerability instance node; and
determine if a potential node, having a fourth precondition satisfied by a current node on the attack graph, provides a fifth precondition equivalent to one of preconditions provided by a group of preexisting nodes, the group of preexisting nodes comprising:
the first state node;
the first vulnerability instance node;
the first prerequisite node; and
the second state node.
(Dependent claims 22 and 23 not shown.)

24. A computer-implemented method to generate an attack graph for a network, the method comprising:
generating a first state node representing a point of attack on the network;
generating a first directed edge from the first state node to a first prerequisite node, the first prerequisite node having a first precondition satisfied by the first state node;
generating a second directed edge from the first prerequisite node to a first vulnerability instance node, the first vulnerability instance node having a second precondition satisfied by the first prerequisite node;
generating a third directed edge from the first vulnerability instance node to a second state node, the second state node having a third precondition satisfied by the first vulnerability instance node;
identifying one or more potential nodes for inclusion in the attack graph; and
determining if a first one of the one or more potential nodes, having a fourth precondition satisfied by a current node on the attack graph, provides a fifth precondition equivalent to one of preconditions provided by a group of preexisting nodes, the group of preexisting nodes comprising the first state node, the first vulnerability instance node, the first prerequisite node and the second state node.
(Dependent claims 25 to 29 not shown.)

30. A computer-implemented method to generate an attack graph, comprising:
determining if a potential node being considered for inclusion in the attack graph includes a precondition equivalent to one or more of a plurality of preconditions provided by a group of preexisting nodes on the attack graph, the group of preexisting nodes comprising a first state node, at least one vulnerability instance node, at least one prerequisite node, and a second state node, each vulnerability instance node on the attack graph having a single directed edge from the vulnerability instance node to exactly one state node, wherein each vulnerability instance node indicates a presence of a vulnerability, and each prerequisite node represents a prerequisite required to access at least one port associated with a vulnerability instance node.
(Dependent claim 31 not shown.)
Specification