Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security
IEEE Transactions on Software Engineering
Survivability analysis of networked systems
ICSE '01 Proceedings of the 23rd International Conference on Software Engineering
Two Formal Analyses of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
A Systematic Approach to Multi-Stage Network Attack Analysis
IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
ACM Transactions on Internet Technology (TOIT)
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Ranking Attack Graphs with Graph Neural Networks
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
A successful computer system intrusion often results from an attacker combining exploits of individual vulnerabilities. This can be modelled by attack models and attack graphs, which provide a global view of system security against an attacker's goal. However, as the size and complexity of attack models and attack graphs usually greatly exceed the human ability to visualize, understand and analyze them, a scheme is required to identify their important portions. In a previous scheme, Mehta et al. proposed to rank the states of an attack model by the probability of an adversary reaching a state through a sequence of exploits of individual vulnerabilities. Important portions can hence be identified by the ranks of states. However, Mehta et al.'s ranking scheme is based on the PageRank algorithm, which models a web surfing scenario, and gives little consideration to the dissimilarity between web surfing scenarios and computer system intrusion scenarios. In this paper, we extend Mehta et al.'s scheme by taking into consideration the dissimilarity between web surfing scenarios and computer system intrusion scenarios. We experiment with the same network model used in Mehta et al.'s scheme and compare the results. The experiments yielded promising results that demonstrated consistent ranks across the varying parameters modelled by our ranking scheme.