A Framework for Automated Identification of Attack Scenarios on IT Infrastructures

AutorSeyit Ahmet Camtepe, Karsten Bsufka, Leonhard Hennig, Cihan Simsek and Sahin Albayrak
QuellePIK - Praxis Der Informationsverarbeitung und Kommunikation 35 (1): 25-31. doi:10.1515/pik-2012-0005piko.2012.35.1.25. 
LinksBibTeX   |   Uni-Bibliothek 

Due to increased complexity, scale, and functionality of information and telecommunication (IT) infrastructures, every day new exploits and vulnerabilities are discovered. These vulnerabilities are most of the time used by malicious people to penetrate these IT infrastructures for mainly disrupting business or stealing intellectual properties. Current incidents prove that it is not sufficient anymore to perform manual security tests of the IT infrastructure based on sporadic security audits. Instead networks should be continuously tested against possible attacks. In this paper we present current results and challenges towards realizing automated and scalable solutions to identify possible attack scenarios in an IT in- frastructure. Namely, we define an extensible framework which uses public vulnerability databases to identify probable multi-step attacks in an IT infrastructure, and provide recommendations in the form of patching strategies, topology changes, and configuration updates.