A graph-based system for network-vulnerability analysis
Proceedings of the 1998 workshop on New security paradigms
Matrix analysis and applied linear algebra
Matrix analysis and applied linear algebra
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Two Formal Analys s of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Scenario graphs and attack graphs
Scenario graphs and attack graphs
Managing attack graph complexity through visual hierarchical aggregation
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
ACM Transactions on Internet Technology (TOIT)
Multiple Coordinated Views for Network Attack Graphs
VIZSEC '05 Proceedings of the IEEE Workshops on Visualization for Computer Security
A scalable approach to attack graph generation
Proceedings of the 13th ACM conference on Computer and communications security
Practical Attack Graph Generation for Network Defense
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Toward measuring network security using attack graphs
Proceedings of the 2007 ACM workshop on Quality of protection
Optimal security hardening using multi-objective optimization on attack tree models of networks
Proceedings of the 14th ACM conference on Computer and communications security
Improving Attack Graph Visualization through Data Reduction and Attack Grouping
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
FAME: a firewall anomaly management environment
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Mining netflow records for critical network activities
AIMS'10 Proceedings of the Mechanisms for autonomous management of networks and services, and 4th international conference on Autonomous infrastructure, management and security
CANVuS: context-aware network vulnerability scanning
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Effective network vulnerability assessment through model abstraction
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Distilling critical attack graph surface iteratively through minimum-cost SAT solving
Proceedings of the 27th Annual Computer Security Applications Conference
Quantitative survivability evaluation of three virtual machine-based server architectures
Journal of Network and Computer Applications
Aggregating vulnerability metrics in enterprise networks using attack graphs
Journal of Computer Security
Hi-index | 0.00 |
Attack graphs have been proposed as useful tools for analyzing security vulnerabilities in network systems. Even when they are produced efficiently, the size and complexity of attack graphs often prevent a human from fully comprehending the information conveyed. A distillation of this overwhelming amount of information is crucial to aid network administrators in efficiently allocating scarce human and financial resources. This paper introduces AssetRank, a generalization of Google's PageRank algorithm which ranks web pages in web graphs. AssetRank addresses the unique semantics of dependency attack graphs and incorporates vulnerability data from public databases to compute metrics for the graph vertices (representing attacker privileges and vulnerabilities) which reveal their importance in attacks against the system. The results of applying the algorithm on a number of network scenarios show that the numeric ranks computed are consistent with the intuitive importance that the privileges and vulnerabilities have to an attacker. The vertex ranks can be used to prioritize countermeasures, help a human reader to better comprehend security problems, and provide input to further security analysis tools.