A graph-based system for network-vulnerability analysis
Proceedings of the 1998 workshop on New security paradigms
Authentication metric analysis and design
ACM Transactions on Information and System Security (TISSEC)
Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security
IEEE Transactions on Software Engineering
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Model-based analysis of configuration vulnerabilities
Journal of Computer Security
Valuation of Trust in Open Networks
ESORICS '94 Proceedings of the Third European Symposium on Research in Computer Security
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Correlating Intrusion Events and Building Attack Scenarios Through Attack Graph Distances
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Risk assessment in distributed authorization
Proceedings of the 2005 ACM workshop on Formal methods in security engineering
Measuring the attack surfaces of two FTP daemons
Proceedings of the 2nd ACM workshop on Quality of protection
A weakest-adversary security metric for network configuration security analysis
Proceedings of the 2nd ACM workshop on Quality of protection
Minimum-cost network hardening using attack graphs
Computer Communications
NetKuang: a multi-host configuration vulnerability checker
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts
Computer Communications
Interactive analysis of attack graphs using relational queries
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
RAID'06 Proceedings of the 9th international conference on Recent Advances in Intrusion Detection
Toward measuring network security using attack graphs
Proceedings of the 2007 ACM workshop on Quality of protection
Implementing interactive analysis of attack graphs using relational databases
Journal of Computer Security - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
An Attack Graph-Based Probabilistic Security Metric
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Measuring network security using dynamic bayesian network
Proceedings of the 4th ACM workshop on Quality of protection
Optimal IDS Sensor Placement and Alert Prioritization Using Attack Graphs
Journal of Network and Systems Management
Techniques for enterprise network security metrics
Proceedings of the 5th Annual Workshop on Cyber Security and Information Intelligence Research: Cyber Security and Information Intelligence Challenges and Strategies
Maximizing network security given a limited budget
The Fifth Richard Tapia Celebration of Diversity in Computing Conference: Intellect, Initiatives, Insight, and Innovations
Using game theory to configure P2P SIP
Proceedings of the 3rd International Conference on Principles, Systems and Applications of IP Telecommunications
Effective network vulnerability assessment through model abstraction
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Relationships between information security metrics: an empirical study
Proceedings of the Eighth Annual Cyber Security and Information Intelligence Research Workshop
Go with the flow: toward workflow-oriented security assessment
Proceedings of the 2013 workshop on New security paradigms workshop
Aggregating vulnerability metrics in enterprise networks using attack graphs
Journal of Computer Security
Hi-index | 0.00 |
Today's computer systems face sophisticated intrusions during which multiple vulnerabilities can be combined for reaching an attack goal. The overall security of a network system cannot simply be determined based on the number of vulnerabilities. To quantitatively assess the security of networked systems, one must first understand which and how vulnerabilities can be combined for an attack. Such an understanding becomes possible with recent advances in modeling the composition of vulnerabilities as attack graphs. Based on our experiences with attack graph analysis, we explore different concepts and issues on a metric to quantify potential attacks. To accomplish this, we present an attack resistance metric for assessing and comparing the security of different network configurations. This paper describes the metric at an abstract level as two composition operators with features for expressing additional constraints. We consider two concrete cases. The first case assumes the domain of attack resistance to be real number and the second case represents resistances as a set of initial security conditions. We show that the proposed metric satisfies desired properties and that it adheres to common sense. At the same time, it generalizes a previously proposed metric that is also based on attack graphs. It is our belief that the proposed metric will lead to novel quantitative approaches to vulnerability analysis, network hardening, and attack responses.