Abstract
Network security can be assessed in many different ways, such as applying penetration testing against the target network. Penetration testing follows actual steps such as reconnaissance, scanning, exploitation and logical access to compromised hosts. When an attacker compromises a machine, he uses it as a pivot for attacking other machines and getting access to them. The attacker continues this process until he has explored the entire target network or until he reaches his objective. This shows that an attack is not a single step: to reach his goal, the attacker has to go through multiple steps. Many of the available exploitation tools depend on a single step, which is to compromise the first vulnerable host and then deploy the attacking tools on the newly compromised host. Such tools use the compromised hosts as pivots to begin the attack steps again from the beginning. It is as if the attacker moved with his arsenal of attack tools from his current position to the newly compromised hosts. In this thesis we present a methodology that assists system administrators and penetration testers in securing their networks by exploring and understanding their systems' vulnerabilities and their inter-relations in an ethical way. A breadth-first search algorithm is used to automate the penetration testing process to discover and compromise hosts on the target network. Hosts are compromised one after the other in a sequential manner so that we can build an attack graph that shows the actual attack path an attacker can take and the weak points in the network under evaluation.
We have compared our methodology with other relevant methodologies and shown that we can automatically build a dynamic and realistic attack graph based on actual and current vulnerabilities with no prior information about the target network under evaluation.
School
School of Sciences and Engineering
Department
Computer Science & Engineering
Degree Name
Masters of Science
Date of Award
3-1-2012
Online Submission Date
1-9-2012
First Advisor
Sherif El-Kassas
Second Advisor
Mikhail Naguib
Committee Member 1
Mikhail Naguib
Committee Member 2
Amr El Kadi
Committee Member 3
Awad Khalil
Document Type
Thesis
Extent
134 p.
Rights
The American University in Cairo grants authors of theses and dissertations a maximum embargo period of two years from the date of submission, upon request. After the embargo elapses, these documents are made available publicly. If you are the author of this thesis or dissertation, and would like to request an exceptional extension of the embargo period, please write to thesisadmin@aucegypt.edu
Recommended Citation
APA Citation
Hassan, A. M. (2012). Assessing network security through automated attack graph based multi-level penetration testing [Thesis, the American University in Cairo]. AUC Knowledge Fountain.
https://fount.aucegypt.edu/retro_etds/2399
MLA Citation
Hassan, Ahmed Mohamed. Assessing network security through automated attack graph based multi-level penetration testing. 2012. American University in Cairo, Thesis. AUC Knowledge Fountain.
https://fount.aucegypt.edu/retro_etds/2399
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Call Number
Thesis 2012/160