A test of attack graph-based evaluation of IT-security
Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
To assess the accuracy and correctness of attack graphs I have studied several different attack graphs and their attributes. The purpose of this study is to find out if attack graphs can successfully predict real attacks on modern systems. Test design was built to test MulVALs performance when Nexpose is used to provide system information. Based on the ROC measurement method the results shows that MulVALs accuracy is only 0.02 percent when determining attack paths used to compromise the system. The main reason for low accuracy was due to the high trade o in precision, where MulVAL suggested thousands of paths to the decision maker which no attacker tried.
Place, publisher, year, edition, pages
, UMNAD, 976
Engineering and Technology
IdentifiersURN: urn:nbn:se:umu:diva-85911OAI: oai:DiVA.org:umu-85911DiVA: diva2:696145
Master of Science Programme in Computing Science and Engineering