Attack graphs (AGs) have been proposed for years as an effective method to model, analyse, and evaluate the security of complex computer systems and networks.
To construct an attack graph, runtime information about the target system or network environment must be monitored and gathered, then evaluated against descriptions of known vulnerabilities available from public vulnerability databases (VDBs). The output is visualized as a graph structure on which further theoretical measurements can be made. The information gatherer, the vulnerability repository, and the reasoning engine are the three core components of an attack graph constructor. This project formulates a generic framework for automatically constructing attack graphs.
The problem of representing both the gathered system information and the existing vulnerability information in a unified format is addressed by a central vulnerability management platform; on this platform, a knowledge transformation approach is proposed that makes it possible to integrate the reasoning algorithms of other attack graph tools. An experimental prototype of the attack graph construction platform is implemented and demonstrated on several practical cases.
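As an added illustration of the three components and of the unified knowledge format described above (example code written for this page, not the project's prototype), the following minimal constructor transforms gatherer output and vulnerability repository entries into one fact format and then forward-chains a single reasoning rule into graph edges. All hosts, services, versions and vulnerability identifiers are constructed placeholders.

```python
from dataclasses import dataclass
from typing import List, Set, Tuple

@dataclass(frozen=True)
class Fact:
    """Unified knowledge format shared by gathered data and VDB entries."""
    kind: str               # "service", "reach", "priv" or "vuln"
    args: Tuple[str, ...]

# Constructed gatherer output: (host, product, version), (src, dst, service),
# and the attacker's starting privilege. Not data from a real network.
GATHERED = {
    "service": [("web", "httpd", "2.4.0"), ("db", "mysqld", "5.7.0")],
    "reach": [("internet", "web", "httpd"), ("web", "db", "mysqld")],
    "priv": [("attacker", "internet", "root")],
}
# Constructed vulnerability repository entries; ids are placeholders, not CVEs.
VDB = [
    {"id": "VULN-PLACEHOLDER-1", "product": "httpd", "version": "2.4.0", "effect": "user"},
    {"id": "VULN-PLACEHOLDER-2", "product": "mysqld", "version": "5.7.0", "effect": "root"},
]

def unify(gathered: dict, vdb: list) -> Set[Fact]:
    """Knowledge transformation: map both sources onto Fact tuples and
    derive vuln(host, service, id, effect) by matching product/version."""
    facts = {Fact(kind, tuple(a)) for kind, items in gathered.items() for a in items}
    for host, product, version in gathered["service"]:
        for v in vdb:
            if v["product"] == product and v["version"] == version:
                facts.add(Fact("vuln", (host, product, v["id"], v["effect"])))
    return facts

def reason(facts: Set[Fact]) -> List[Tuple[str, str, str]]:
    """Forward-chaining reasoning engine with a single rule: a privilege on
    src plus reachability to a vulnerable service on dst yields the vuln's
    effect on dst. Each rule firing becomes an edge (src, dst, vuln_id)."""
    edges, changed = [], True
    while changed:
        changed = False
        for src in [f.args[1] for f in facts if f.kind == "priv"]:
            for r in [f for f in facts if f.kind == "reach" and f.args[0] == src]:
                _, dst, svc = r.args
                for v in [f for f in facts if f.kind == "vuln" and f.args[:2] == (dst, svc)]:
                    new = Fact("priv", ("attacker", dst, v.args[3]))
                    if new not in facts:
                        facts.add(new)
                        edges.append((src, dst, v.args[2]))
                        changed = True
    return edges

def build_attack_graph() -> List[Tuple[str, str, str]]:
    return reason(unify(GATHERED, VDB))
```

Because every source is first mapped onto `Fact`, a different gatherer or a different VDB only needs its own mapping into `unify`, while `reason` stays untouched, which is the integration point the knowledge transformation approach is meant to provide.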