Visualization techniques in attack graphs

Abstract

Attack graphs present a visual representation of all the potential vulnerabilities and attack paths in a network. They act as a vital security tool in finding the critical attack paths in the enterprise wide networks. Generated attack graphs for complex networks present thousands of attack paths to visualize and represent to the end user. Enhancing the visualization of attack graphs by adding user interactivity will greatly improve in analyzing attack graphs and identifying the critical attack paths in the enterprise network. The layout of the attack graph can be adjusted to represent the layout of the real world enterprise network. Adding user interactivity to attack graphs is done using Prefuse, a software framework written in Java for information visualization. Prefuse is flexible and got the ability to render large amounts of data in an efficient manner. The visualization framework for the attack graphs provides a GUI tool for interacting with attack graph. The framework is a layered architecture with two important layers, the static layer and the dynamic layer. The static layer translates the attack graph trace generated from MuLVAL into a standard graphviz dot language descriptive file. The dynamic layer translates the graphviz dot file into a graph object that can be interpreted and visualized using the prefuse software framework. Preliminary result in this work has been published in [19].