Assessing network security can be done in many different ways like applying penetration testing against target network. Penetration testing follows actual steps like reconnaissance, scanning, exploit and logical access to compromised hosts. When attacker compromises a machine, he uses it as a pivot for attacking other machines and getting access to them. An attacker continues in this process till he explores the entire target network or till he reaches his endeavor. This shows that attacks are not a single step but, to reach attackers' goal, the attacker has to go through multiple steps. Many of the available exploitation tools depend on single step that is to compromise the first vulnerable host and then deploy the attacking tools on the newly compromised host. Such tools use the compromised host as pivots to begin the attack steps again from the beginning. ft is as if the attacker moved with his attack tools arsenal from his current position to the new compromised hosts. In this thesis we are presenting a methodology that assists system administrators and penetration testers to secure their network by exploring and understanding their systems' vulnerabilities and their inter-relations in an ethical way. A breadth-first search algorithm is used to automate penetration testing process to discover and compromise hosts on the target network. Hosts are compromised one after the other in a sequential manner so that we can build an attack graph that shows the actual attack path an attacker can take and the weak points in the network under evaluation.
We have compared our methodology with other relevant methodologies and showed that we can automatically build a dynamic and realistic attack graph based on actual and current vulnerabilities with no prior information about the target network under evaluation.
School of Sciences and Engineering
Computer Science & Engineering
Masters of Science
Date of Award
Online Submission Date
Committee Member 1
Committee Member 2
Amr El Kadi
Committee Member 3
The American University in Cairo grants authors of theses and dissertations a maximum embargo period of two years from the date of submission, upon request. After the embargo elapses, these documents are made available publicly. If you are the author of this thesis or dissertation, and would like to request an exceptional extension of the embargo period, please write to email@example.com
Hassan, A. M.
(2012).Assessing network security through automated attack graph based multi-level penetration testing [Thesis, the American University in Cairo]. AUC Knowledge Fountain.
Hassan, Ahmed Mohamed. Assessing network security through automated attack graph based multi-level penetration testing. 2012. American University in Cairo, Thesis. AUC Knowledge Fountain.
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.