Abstract

As a model of vulnerability information, attack graphs have seen successes in many automated analyses for defending computer networks against potential intrusions. On the other hand, attack graphs have long been criticized for their poor scalability when serving as a visualization model for human analysts to comprehend, since even a small network may yield an overly complex and incomprehensible attack graph. In this thesis, we propose two novel approaches to improving attack graph visualization. First, we employ recent advances in network security metrics to design metric-driven visualization techniques, which render the most critical information (with the highest metric scores) the most highlighted or magnified. Second, we observe that existing techniques usually aim at a one-size-fits-all solution, which actually renders them less effective for specific applications, and hence we propose to design application-specific visualization solutions. In this thesis, we focus on two such solutions, for network overview and situational awareness, respectively. We present the model and algorithms, describe our implementation, and present our simulation results with regards to scalability and performance.