Kyle Ingols: CSE Colloquium Series | Department of Computer Science and Engineering | Michigan State University

Practical Attack Graph Generation for Network Defense

Spring 2009 CSE Colloquium Series

Kyle Ingols

Technical Staff Member
Information Systems Technology Group
MIT Lincoln Laboratory

Friday, February 6
11:00 AM - 12:00 PM
3105 Engineering Building

Host: Alex Liu

Abstract

Attack graphs, a valuable tool for network defenders, illustrate paths an attacker can use to gain access to a targeted network. Defenders can then focus their efforts on patching the vulnerabilities and configuration errors that allow the attackers the greatest amount of access. MIT Lincoln Laboratory has created a new type of attack graph, the multiple-prerequisite graph, that scales nearly linearly as the size of a typical network increases. The Laboratory has built a prototype system using this graph type. The prototype uses readily available source data to automatically compute network reachability, classify vulnerabilities, build the graph, and recommend actions to improve network security. The prototype has been tested on an operational network with over 250 hosts, where it helped to discover a previously unknown configuration error. It can evaluate large enterprise networks using commodity hardware in seconds and has processed complex simulated networks with over 50,000 hosts in under four minutes.

Biography

Kyle Ingols is a member of the technical staff at MIT Lincoln Laboratory, where he works on computer network defense and tamper resistance.