Improving Attack Graph Visualization Through Data Reduction and Attack Grouping

Various tools exist to analyze enterprise network systems and to produce attack graphs detailing how attackers might penetrate into the system. These attack graphs, however, are often complex and difficult to comprehend fully, and a human user may find it problematic to reach appropriate configuration decisions. This paper presents methodologies that can automatically identify portions of an attack graph that do not help a user to understand the core security problems and so can be trimmed, and automatically group similar attack steps as virtual nodes in a model of the network topology, to immediately increase the understandability of the data. The author believes both methods are important steps toward improving visualization of attack graphs to make them more useful in configuration management for large enterprise networks.