Key concepts to consider while watching the demos
1. Attack graphs are a powerful mathematical tool for modelling the many ways in which an attacker may compromise different assets in a network.
Despite the theoretical elegance of the concept and its benefits in many areas of network security, the practical use of attack graphs has remained a challenging problem since their initial conception in the early 2000s.
2. Attack graph complexity is one of the main issues that prevent attack graphs from being widely used in practice.
As networks become larger and denser, this complexity undermines scalability, not only at the computational level but also from a human-understanding perspective.
This is one of the reasons why we still do not see attack graphs extensively deployed in today’s enterprise and organisation networks.
3. Our research work aims at addressing attack graph complexity from a novel perspective.
By performing a structural summarisation process over the input network, our approach produces more compact and simpler graphs, which in turn can be further explored and analysed in a hierarchical manner.
These properties make it possible to:
reduce attack analysis complexity,
handle network cycles,
ease visualisation, and
support efficient subsequent analysis.
We call these graphs core attack graphs, or simply, core graphs.
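To make the summarisation idea concrete, here is an added illustration (not Naggen's code, and not its actual algorithm): a constructed seven-host network with a reachability table is turned into a logical attack graph, and hosts are then merged by iteratively refining a partition until hosts in the same class share the same vulnerabilities and the same successor and predecessor classes. The grouping criterion, host names and vulnerability ids are all assumptions made for this example.

```python
# Constructed sample network (illustration only, not a Naggen demo scenario):
# each host carries the ids of its exploitable vulnerabilities, and REACH lists
# which hosts a given host can connect to at the network level.
HOSTS = {
    "attacker": frozenset(),
    "web1": frozenset({"VULN-WEB"}), "web2": frozenset({"VULN-WEB"}),
    "web3": frozenset({"VULN-WEB"}),
    "app1": frozenset({"VULN-APP"}), "app2": frozenset({"VULN-APP"}),
    "db": frozenset({"VULN-DB"}),
}
REACH = {
    "attacker": ["web1", "web2", "web3"],
    "web1": ["app1", "app2"], "web2": ["app1", "app2"], "web3": ["app1", "app2"],
    "app1": ["db", "web1"], "app2": ["db", "web2"],  # back edges: network cycles
    "db": [],
}

def attack_edges(hosts, reach):
    """Logical attack graph: edge (s, d) when a compromised s can reach and exploit d."""
    return {(s, d) for s, targets in reach.items() for d in targets if hosts[d]}

def core_graph(hosts, edges):
    """Assumed summarisation (not Naggen's own method): start from a partition by
    vulnerability set and refine it by successor/predecessor classes until stable.
    Returns (host -> class id, set of edges between class ids)."""
    def relabel(key):                      # map distinct keys to small integers
        ids = {}
        return {h: ids.setdefault(key[h], len(ids)) for h in hosts}
    cls = relabel({h: hosts[h] for h in hosts})
    while True:
        sig = {h: (cls[h],
                   frozenset(cls[d] for s, d in edges if s == h),
                   frozenset(cls[s] for s, d in edges if d == h)) for h in hosts}
        new = relabel(sig)
        # Refinement only ever splits classes, so an unchanged count means stable.
        if len(set(new.values())) == len(set(cls.values())):
            return new, {(new[s], new[d]) for s, d in edges}
        cls = new

def summary(hosts, reach):
    """Node/edge counts of the attack graph versus its summarised core graph."""
    edges = attack_edges(hosts, reach)
    cls, core_edges = core_graph(hosts, edges)
    return len(hosts), len(edges), len(set(cls.values())), len(core_edges)

if __name__ == "__main__":
    print("hosts, edges, core nodes, core edges:", summary(HOSTS, REACH))
```

On this input the 7-host, 13-edge attack graph collapses to 5 core nodes and 6 edges; the web1/app1 and web2/app2 back edges survive as a single cycle between the web and app classes, while web3, which has no back edge, stays in its own class.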
4. In that context, Naggen is a tool aimed at the generation and visualisation of core attack graphs, and is essentially composed of two main parts.
The first one is a command-line system, called Naggen-Shell, written in Java, that allows us to load scenarios and generate attack graph representations.
The second one, which we cover in the introductory video, is a visualisation component intended to display the generated attack graphs and provide the tools to explore them.
This video presents a case study and shows how we can use Naggen to:
(1) visualise the details of the network,
(2) analyse the standard logical attack graph generated for this scenario,
(3) explore the corresponding core attack graph, and
(4) investigate security applications: (i) monitoring, (ii) security perimeters, and (iii) forensic investigations.
A brief summary of the generation steps is provided at the end of this video.