A novel approach for analysis of attack graph

Mohammadmehdi Yousefi, Nhamoinesu Mtetwa, Yan Zhang, Huaglory Tianfield

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Citations (Scopus)
465 Downloads (Pure)


Attack graph technique is a common tool for the evaluation of network security. However, attack graphs are generally too large and complex to be understood and interpreted by security administrators. This paper proposes an analysis framework for security attack graphs for a given IT infrastructure system. First, in order to facilitate the discovery of interconnectivities among vulnerabilities in a network, multi-host multi-stage vulnerability analysis (MulVAL) is employed to generate an attack graph for a given network topology. Then a novel algorithm is applied to refine the attack graph and generate a simplified graph called a transition graph. Next, a Markov model is used to project the future security posture of the system. Finally, the framework is evaluated by applying it on a typical IT network scenario with specific services, network configurations, and vulnerabilities.
Original languageEnglish
Title of host publication2017 IEEE International Conference on Intelligence and Security Informatics: Security and Big Data, ISI 2017
Number of pages6
ISBN (Electronic)9781509067275
Publication statusPublished - 10 Aug 2017


  • cyber security
  • security metrics
  • vulnerability assessment
  • attack graph

ASJC Scopus subject areas

  • Information Systems and Management
  • Artificial Intelligence
  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


Dive into the research topics of 'A novel approach for analysis of attack graph'. Together they form a unique fingerprint.

Cite this