Practical Attack Graph Generation for Network Defense
Technical Staff Member
Information Systems Technology Group
MIT Lincoln Laboratory
Friday, February 6
11:00 AM - 12:00 PM
3105 Engineering Building
Host: Alex Liu
Attack graphs, a valuable tool for network defenders, illustrate paths an attacker can use to gain access to a targeted network. Defenders can then focus their efforts on patching the vulnerabilities and configuration errors that allow attackers the greatest amount of access. MIT Lincoln Laboratory has created a new type of attack graph, the multiple-prerequisite graph, that scales nearly linearly as the size of a typical network increases. The Laboratory has built a prototype system using this graph type. The prototype uses readily available source data to automatically compute network reachability, classify vulnerabilities, build the graph, and recommend actions to improve network security. The prototype has been tested on an operational network with over 250 hosts, where it helped to discover a previously unknown configuration error. It can evaluate large enterprise networks using commodity hardware in seconds and has processed complex simulated networks with over 50,000 hosts in under four minutes.
Kyle Ingols is a member of the technical staff at MIT Lincoln Laboratory, where he works on computer network defense and tamper resistance.