A Graph-Theoretic Visualization Approach to Network Risk Analysis

• Published in: Visualization for Computer Security pp. 60 - 67
• Main Authors: O’Hare, Scott, Noel, Steven, Prole, Kenneth
• Format: Book Chapter
• Language: English
• Published: Berlin, Heidelberg Springer Berlin Heidelberg
• Series: Lecture Notes in Computer Science
• Subjects: attack graph; exploit analysis; network security; situational awareness; visualization; vulnerability assessment
• ISBN: 3540859314; 9783540859314
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-540-85933-8_6

This paper describes a software system that provides significant new capabilities for visualization and analysis of network attack graphs produced through Topological Vulnerability Analysis (TVA). The TVA approach draws on a database of known exploits and system vulnerabilities to provide a connected graph representing possible cyber-attack paths within a given network.  Our visualization approach builds on the extensive functionality of the yWorks suite of graphing tools, providing customized new capabilities for importing, displaying, and interacting with large scale attack graphs, to facilitate comprehensive network security analysis.  These visualization capabilities include clustering of attack graph elements for reducing visual complexity, a hierarchical dictionary of attack graph elements, high-level overview with detail drilldown, interactive on-graph hardening of attacker exploits, and interactive graph layouts.  This new visualization system is an integrated component of the CAULDRON attack graph tool developed at George Mason University.