A graph-based system for network-vulnerability analysis
Proceedings of the 1998 workshop on New security paradigms
A requires/provides model for computer attacks
Proceedings of the 2000 workshop on New security paradigms
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Two Formal Analys s of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Scenario graphs and attack graphs
Scenario graphs and attack graphs
Practical Attack Graph Generation for Network Defense
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Models for threat assessment in networks
Models for threat assessment in networks
Optimal security hardening using multi-objective optimization on attack tree models of networks
Proceedings of the 14th ACM conference on Computer and communications security
Scalable Patch Management Using Evolutionary Analysis of Attack Graphs
ICMLA '08 Proceedings of the 2008 Seventh International Conference on Machine Learning and Applications
Hi-index | 0.00 |
EVA is an attack graph tool that allows an administrator to assess and analyze a network in a variety of fashions. Unlike other attack graph tools which just focus on visualizing the network or recommending a set of patches to secure the network, EVA goes beyond these modes to fully explore the power of attack graphs for a multitude of administrative and security tasks. EVA can be used to derive a set of hardening measures for a network, to perform strategic analysis of a network, to design a more secure network architecture, to assist in forensic evaluations after a security event and to augment an intrusion detect system with information about the likely targets of an attack. This paper summarizes the framework used by EVA, provides real-world results of using EVA and shows how EVA is scalable to large networks.