Abstract
Today’s serious attacks are complex, multi-stage scenarios and can involve bypassing multiple security mechanisms and the use of numerous computer systems. A host which has been controlled by an attacker can become a stepping stone for further intrusion and destruction. Providing attack graphs is one of the most direct and effective way to analyze interactions among network components and sequences of vulnerabilities. However, the findings obtained from an attack graph highly depend on the quality of modeling. In this paper, attack modeling based on Petri nets is extended and an approach based on hierarchical Colored Petri nets is provided. We will use Colored Petri nets to describe attacks in two levels, those being generally and specifically. These treatments can facilitate the understanding of network vulnerabilities further, and enhance effective protection measures.