Assessing network security can be done in many different ways like applying penetration testing against target network. Penetration testing follows actual steps like reconnaissance, scanning, exploit and logical access to compromised hosts. When attacker compromises a machine, he uses it as a pivot for attacking other machines and getting access to them. An attacker continues in this process till he explores the entire target network or till he reaches his endeavor. This shows that attacks are not a single step but, to reach attackers' goal, the attacker has to go through multiple steps. Many of the available exploitation tools depend on single step that is to compromise the first vulnerable host and then deploy the attacking tools on the newly compromised host. Such tools use the compromised host as pivots to begin the attack steps again from the beginning. ft is as if the attacker moved with his attack tools arsenal from his current position to the new compromised hosts. In this thesis we are presenting a methodology that assists system administrators and penetration testers to secure their network by exploring and understanding their systems' vulnerabilities and their inter-relations in an ethical way. A breadth-first search algorithm is used to automate penetration testing process to discover and compromise hosts on the target network. Hosts are compromised one after the other in a sequential manner so that we can build an attack graph that shows the actual attack path an attacker can take and the weak points in the network under evaluation.

We have compared our methodology with other relevant methodologies and showed that we can automatically build a dynamic and realistic attack graph based on actual and current vulnerabilities with no prior information about the target network under evaluation.


School of Sciences and Engineering


Computer Science & Engineering

Degree Name

Masters of Science

Date of Award


Online Submission Date


First Advisor

Sherif El-Kassas

Second Advisor

Mikhail Naguib

Committee Member 1

Mikhail Naguib

Committee Member 2

Amr El Kadi

Committee Member 3

Awad Khalil

Document Type



134 p.


The American University in Cairo grants authors of theses and dissertations a maximum embargo period of two years from the date of submission, upon request. After the embargo elapses, these documents are made available publicly. If you are the author of this thesis or dissertation, and would like to request an exceptional extension of the embargo period, please write to thesisadmin@aucegypt.edu

Call Number

Thesis 2012/160