Key points are not available for this paper at this time.
Sophisticated cyber-attacks have become prominent with the growth of the Internet and web technology. Such attacks are multi-stage ones, and correlate vulnerabilities on intermediate hosts to compromise an otherwise well-protected critical resource. Conventional security assessment approaches can leave out some complex scenarios generated by these attacks. In the literature, these correlated attacks have been modeled using attack graphs. Although a few attack graph-based network security assessment tools are available, they are either commercial products or developed using proprietary databases. In this paper, we develop a customized tool, NetSecuritas, which implements a novel heuristic-based attack graph generation algorithm and integrates different phases of network security assessment. NetSecuritas leverages open-source libraries, tools and publicly available databases. A cost-driven mitigation strategy has also been proposed to generate network security recommendations. Experimental results establish the efficacy of both attack graph generation and mitigation approach.
Ghosh et al. (Sun,) studied this question.