We optimally place intrusion detection system (IDS) sensors and prioritize IDS alerts using attack graph analysis. We begin by predicting all possible ways of penetrating a network to reach critical assets. The set of all such paths through the network constitutes an attack graph, which we aggregate according to underlying network regularities, reducing the complexity of analysis. We then place IDS sensors to cover the attack graph using the fewest sensors. This minimizes the cost of sensors, including the effort of deploying, configuring, and maintaining them, while maintaining complete coverage of potential attack paths. The sensor-placement problem we pose is an instance of the NP-hard minimum set cover problem. We solve this problem with an efficient greedy algorithm, which works well in practice. Once sensors are deployed and alerts are raised, our predictive attack graph allows us to prioritize alerts based on attack graph distance to critical assets.
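The two steps described above, greedy set-cover sensor placement and alert ranking by attack graph distance, as an added example that is not the paper's own code. The topology, sensor names, coverage map, and the name-order tie-break are constructed assumptions; each candidate sensor is assumed to observe a fixed set of attack-graph edges.

```python
from collections import deque

# Constructed attack graph: each edge is one exploit step between (aggregated) hosts.
ATTACK_EDGES = [
    ("internet", "web"), ("internet", "mail"), ("web", "app"),
    ("mail", "workstation"), ("workstation", "app"), ("app", "db"),
    ("workstation", "db"),
]
CRITICAL = "db"

# Constructed candidate sensor locations and the attack-graph edges each one observes.
SENSOR_COVERAGE = {
    "dmz_tap": {("internet", "web"), ("internet", "mail")},
    "core_switch": {("web", "app"), ("mail", "workstation"), ("workstation", "app")},
    "db_segment": {("app", "db"), ("workstation", "db")},
    "user_lan": {("mail", "workstation"), ("workstation", "app"), ("workstation", "db")},
}

def greedy_sensor_placement(edges, coverage):
    """Greedy set cover: repeatedly pick the sensor seeing the most uncovered edges."""
    uncovered, chosen = set(edges), []
    while uncovered:
        # Tie-break by name so the result is deterministic (an assumption of this example).
        best = max(sorted(coverage), key=lambda s: len(coverage[s] & uncovered))
        gain = coverage[best] & uncovered
        if not gain:  # some attack step is invisible to every candidate sensor
            raise ValueError(f"no candidate sensor covers: {sorted(uncovered)}")
        chosen.append(best)
        uncovered -= gain
    return chosen

def distance_to_critical(edges, critical):
    """BFS over reversed edges: attack steps remaining from each node to the asset."""
    preds = {}
    for src, dst in edges:
        preds.setdefault(dst, []).append(src)
    dist, queue = {critical: 0}, deque([critical])
    while queue:
        node = queue.popleft()
        for p in preds.get(node, []):
            if p not in dist:
                dist[p] = dist[node] + 1
                queue.append(p)
    return dist

def prioritize_alerts(alerts, edges, critical):
    """Order alerts (src, dst) so those landing closest to the asset come first."""
    dist = distance_to_critical(edges, critical)
    return sorted(alerts, key=lambda a: dist.get(a[1], float("inf")))
```

On this constructed graph the greedy pass leaves `user_lan` unselected because every edge it sees is already covered by the other three sensors.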