Network vulnerability can be analyzed automatically by attack graph. Attack graph tools can generate attack paths in network and show users the network vulnerabilities analyzing process for network security risk analysis. There are some problems such as state space explosion, the high complexity of algorithms, being difficult to demonstrate graphically, and so on, for attack graph generation and visualization techniques. Therefore, we surveyed and analyzed the attack graph generation and visualization technology. We summarized the open source tools like MulVAL, TVA, Attack Graph Toolkit, NetSPA and so on, and the commercial tools, for example, Cauldron, FireMon, Skybox View. We compared and analyzed these tools from the aspects of the attack graph types, scalability, or complexity of attack graph generation algorithm, the degree of attack graph visualization. Their common denominator was summarized, and their different points were analyzed. The future and applications for attack graph were forecasted, for example its applications in industrial control systems, and in the network security defense and risk assessment.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.