A graph-based system for network-vulnerability analysis
Proceedings of the 1998 workshop on New security paradigms
An updated survey of GA-based multiobjective optimization techniques
ACM Computing Surveys (CSUR)
Genetic Algorithms in Search, Optimization and Machine Learning
Genetic Algorithms in Search, Optimization and Machine Learning
Multi-Objective Optimization Using Evolutionary Algorithms
Multi-Objective Optimization Using Evolutionary Algorithms
Security attribute evaluation method: a cost-benefit approach
Proceedings of the 24th International Conference on Software Engineering
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Toward cost-sensitive modeling for intrusion detection and response
Journal of Computer Security
Two Formal Analys s of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Decision Support Systems - Special issue: Intelligence and security informatics
Using attack trees to identify malicious attacks from authorized insiders
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
A fast and elitist multiobjective genetic algorithm: NSGA-II
IEEE Transactions on Evolutionary Computation
Identifying Critical Attack Assets in Dependency Attack Graphs
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Sat-solving approaches to context-aware enterprise network security management
IEEE Journal on Selected Areas in Communications - Special issue on network infrastructure configuration
Towards automatic creation of usable security configuration
INFOCOM'10 Proceedings of the 29th conference on Information communications
EVA: a framework for network analysis and risk assessment
LISA'09 Proceedings of the 23rd conference on Large installation system administration
Dynamic deployment of context-aware access control policies for constrained security devices
Journal of Systems and Software
Technical Communication: Attribution of attack trees
Computers and Electrical Engineering
Effective network vulnerability assessment through model abstraction
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
An empirical study on using the national vulnerability database to predict software vulnerabilities
DEXA'11 Proceedings of the 22nd international conference on Database and expert systems applications - Volume Part I
Challenges in secure sensor-cloud computing
SDM'11 Proceedings of the 8th VLDB international conference on Secure data management
Distilling critical attack graph surface iteratively through minimum-cost SAT solving
Proceedings of the 27th Annual Computer Security Applications Conference
On synthesizing distributed firewall configurations considering risk, usability and cost constraints
Proceedings of the 7th International Conference on Network and Services Management
Mitigating multi-threats optimally in proactive threat management
ACM SIGSOFT Software Engineering Notes
Accepting the inevitable: factoring the user into home computer security
Proceedings of the third ACM conference on Data and application security and privacy
Aggregating vulnerability metrics in enterprise networks using attack graphs
Journal of Computer Security
Hi-index | 0.00 |
Researchers have previously looked into the problem of determining if a given set of security hardening measures can effectively make a networked system secure. Many of them also addressed the problem of minimizing the total cost of implementing these hardening measures, given costs for individual measures. However, system administrators are often faced with a more challenging problem since they have to work within a fixed budget which may be less than the minimum cost of system hardening. Their problem is how to select a subset of security hardening measures so as to be within the budget and yet minimize the residual damage to the system caused by not plugging all required security holes. In this work, we develop a systematic approach to solve this problem by formulating it as a multi-objective optimization problem on an attack tree model of the system and then use an evolutionary algorithm to solve it.