Managing attack graph complexity through visual hierarchical aggregation
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
Minimum-cost network hardening using attack graphs
Computer Communications
An OVAL-based active vulnerability assessment system for enterprise computer networks
Information Systems Frontiers
An intelligent search technique for network security administration
International Journal of Artificial Intelligence and Soft Computing
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts
Computer Communications
A network security analysis method using vulnerability correlation
ICNC'09 Proceedings of the 5th international conference on Natural computation
An ACO based approach for detection of an optimal attack path in a dynamic environment
ICDCN'10 Proceedings of the 11th international conference on Distributed computing and networking
Assessing the risk of an information infrastructure through security dependencies
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Interactive analysis of attack graphs using relational queries
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
SPIN'05 Proceedings of the 12th international conference on Model Checking Software
Rule-based topological vulnerability analysis
MMM-ACNS'05 Proceedings of the Third international conference on Mathematical Methods, Models, and Architectures for Computer Network Security
An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
FORTE'05 Proceedings of the 25th IFIP WG 6.1 international conference on Formal Techniques for Networked and Distributed Systems
Context and semantics for detection of cyber attacks
International Journal of Information and Computer Security
| Hi-index | 0.00 |
The individual vulnerabilities of hosts on a network canbe combined by an attacker to gain access that would notbe possible if the hosts were not interconnected. Currentlyavailable tools report vulnerabilities in isolation and inthe context of individual hosts in a network. Topologicalvulnerability analysis (TVA) extends this by searching forsequences of interdependent vulnerabilities, distributedamong the various network hosts. Model checking hasbeen applied to the analysis of this problem with someinteresting initial result. However previous efforts did nottake into account a realistic representation of networkconnectivity. These models were enough to demonstratethe usefulness of the model checking approach but wouldnot be sufficient to analyze real-world network securityproblems. This paper presents a modem of network connectivityat multiple levels of the TCP/IP stack appropri-atefor use in a model checker. With this enhancement, it ispossible to represent realistic networks including commonnetwork security devices such as firewalls, filteringrouters, and switches.