A graph-based system for network-vulnerability analysis
Proceedings of the 1998 workshop on New security paradigms
Authentication metric analysis and design
ACM Transactions on Information and System Security (TISSEC)
Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security
IEEE Transactions on Software Engineering
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Model-based analysis of configuration vulnerabilities
Journal of Computer Security
Valuation of Trust in Open Networks
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Correlating Intrusion Events and Building Attack Scenarios Through Attack Graph Distances
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Risk assessment in distributed authorization
Proceedings of the 2005 ACM workshop on Formal methods in security engineering
Measuring the attack surfaces of two FTP daemons
Proceedings of the 2nd ACM workshop on Quality of protection
A weakest-adversary security metric for network configuration security analysis
Proceedings of the 2nd ACM workshop on Quality of protection
Minimum-cost network hardening using attack graphs
Computer Communications
NetKuang: a multi-host configuration vulnerability checker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Measuring the overall security of network configurations using attack graphs
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Interactive analysis of attack graphs using relational queries
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
An Attack Graph-Based Probabilistic Security Metric
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Improving Attack Graph Visualization through Data Reduction and Attack Grouping
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Measuring network security using dynamic bayesian network
Proceedings of the 4th ACM workshop on Quality of protection
Identifying Critical Attack Assets in Dependency Attack Graphs
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
A Scalable Approach to Full Attack Graphs Generation
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
Using game theory to configure P2P SIP
Proceedings of the 3rd International Conference on Principles, Systems and Applications of IP Telecommunications
Sat-solving approaches to context-aware enterprise network security management
IEEE Journal on Selected Areas in Communications - Special issue on network infrastructure configuration
Defensive configuration with game theory
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
Scalable attack graph for risk assessment
ICOIN'09 Proceedings of the 23rd international conference on Information Networking
Quantified security is a weak hypothesis: a critical survey of results and assumptions
NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Analyzing uncertainty in TG protection graphs with TG/MC
Journal of Computer Security
Adversary-driven state-based system security evaluation
Proceedings of the 6th International Workshop on Security Measurements and Metrics
Cyber security quantification model
Proceedings of the 3rd international conference on Security of information and networks
Event-driven architecture based on patterns for detecting complex attacks
International Journal of Critical Computer-Based Systems
Effective network vulnerability assessment through model abstraction
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
A model for quantitative security measurement and prioritisation of vulnerability mitigation
International Journal of Security and Networks
Aggregating vulnerability metrics in enterprise networks using attack graphs
Journal of Computer Security
| Hi-index | 0.00 |
In measuring the overall security of a network, a crucial issue is to correctly compose the measure of individual components. Incorrect compositions may lead to misleading results. For example, a network with less vulnerabilities or a more diversified configuration is not necessarily more secure. To obtain correct compositions of individual measures, we need to first understand the interplay between network components. For example, how vulnerabilities can be combined by attackers in advancing an intrusion. Such an understanding becomes possible with recent advances in modeling network security using attack graphs. Based on our experiences with attack graph analysis, we propose an integrated framework for measuring various aspects of network security. We first outline our principles andmethodologies. We then describe concrete examples to buildintuitions. Finally, we present our formal framework. It is our belief that metrics developed based on the proposed framework will lead to novel quantitative approaches to vulnerability analysis, network hardening, and attack response.