An Ant Colony Optimization Algorithm for Network Vulnerability Analysis

Intruders often combine exploits against multiple vulnerabilities in order to break into the system. Each attack scenario is a sequence of exploits launched by an intruder that leads to an undesirable state such as access to a database, service disruption, etc. The collection of possible attack scenarios in a computer network can be represented by a directed graph, called network attack graph (NAG). The aim of minimization analysis of network attack graphs is to find a minimum critical set of exploits that completely disconnect the initial nodes and the goal nodes of the graph. In this paper, we present an ant colony optimization algorithm, called AntNAG, for minimization analysis of large-scale network attack graphs. Each ant constructs a critical set of exploits. A local search heuristic has been used to improve the overall performance of the algorithm. The aim is to find a minimum critical set of exploits that must be prevented to guarantee no attack scenario is possible. We compare the performance of the AntNAG with a greedy algorithm for minimization analysis of several large-scale network attack graphs. The results of the experiments show that the AntNAG can be successfully used for minimization analysis of large-scale network attack graphs.