Abstract

Attack graphs enable system stakeholders to understand the stepping stones or exploitation procedures that an adversary could potentially execute to impact the confidentiality, integrity, and availability of a network system. These graphs are used to assess risk and to determine components that, when hardened, contribute most to risk reduction. While these graphs are powerful and widely used in enterprise network systems they focus on application vulnerabilities; they currently do not incorporate weaknesses in the network backbone (e.g., routing) that could lead to traffic hijacking, spoofing, eavesdropping, and several others. In this paper, we describe our work in augmenting the MulVAL attack graph software to incorporate network layer misconfigurations. Through a case study, we show how our modular data pipeline, leveraging previous work in network layer attack impact prediction, can aid system stakeholders in identifying risk and deciding on risk reduction strategies.