查看文章

Today's computer networks are prone to sophisticated multi-step, multi-host attacks. Common approaches of identifying vulnerabilities and analyzing the security of such networks with naive methods such as counting the number of vulnerabilities, or examining the vulnerabilities independently produces incomprehensive and limited security assessment results. On the other hand, attack graphs generated from the identified vulnerabilities at a network illustrate security risks via attack paths that are not apparent with the results of the primitive approaches. One common technique of generating attack graphs requires well established definitions and data of prerequisites and postconditions relating to the known vulnerabilities. A number of works suggest prerequisite and postcondition categorization schemes for software vulnerabilities. However, generating them in an automated way is an open issue. In this paper, we …