Managing attack graph complexity through visual hierarchical aggregation
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
A weakest-adversary security metric for network configuration security analysis
Proceedings of the 2nd ACM workshop on Quality of protection
Framework for malware resistance metrics
Proceedings of the 2nd ACM workshop on Quality of protection
A framework for establishing, assessing, and managing trust in inter-organizational relationships
Proceedings of the 3rd ACM workshop on Secure web services
A scalable approach to attack graph generation
Proceedings of the 13th ACM conference on Computer and communications security
Minimum-cost network hardening using attack graphs
Computer Communications
MulVAL: a logic-based network security analyzer
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Toward measuring network security using attack graphs
Proceedings of the 2007 ACM workshop on Quality of protection
Optimal security hardening using multi-objective optimization on attack tree models of networks
Proceedings of the 14th ACM conference on Computer and communications security
Information Assurance: Dependability and Security in Networked Systems
Information Assurance: Dependability and Security in Networked Systems
Implementing interactive analysis of attack graphs using relational databases
Journal of Computer Security - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
Risk assessment in practice: A real case study
Computer Communications
An Attack Graph-Based Probabilistic Security Metric
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Towards more secure systems: how to combine expert evaluations
Proceedings of the 4th international conference on Security and privacy in communication netowrks
Identifying Critical Attack Assets in Dependency Attack Graphs
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Extending Anticipation Games with Location, Penalty and Timeline
Formal Aspects in Security and Trust
Maximizing network security given a limited budget
The Fifth Richard Tapia Celebration of Diversity in Computing Conference: Intellect, Initiatives, Insight, and Innovations
Formal Technique for Discovering Complex Attacks in Computer Systems
Proceedings of the 2007 conference on New Trends in Software Methodologies, Tools and Techniques: Proceedings of the sixth SoMeT_07
An intelligent search technique for network security administration
International Journal of Artificial Intelligence and Soft Computing
Using attack graphs for correlating, hypothesizing, and predicting intrusion alerts
Computer Communications
Sat-solving approaches to context-aware enterprise network security management
IEEE Journal on Selected Areas in Communications - Special issue on network infrastructure configuration
Scalable attack graph for risk assessment
ICOIN'09 Proceedings of the 23rd international conference on Information Networking
COMSNETS'09 Proceedings of the First international conference on COMmunication Systems And NETworks
Evaluating MAPSec by marking attack graphs
Wireless Networks
Measuring the overall security of network configurations using attack graphs
Proceedings of the 21st annual IFIP WG 11.3 working conference on Data and applications security
Towards analyzing complex operating system access control configurations
Proceedings of the 15th ACM symposium on Access control models and technologies
EVA: a framework for network analysis and risk assessment
LISA'09 Proceedings of the 23rd conference on Large installation system administration
Event-driven architecture based on patterns for detecting complex attacks
International Journal of Critical Computer-Based Systems
Service dependencies in information systems security
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
Using strategy objectives for network security analysis
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Objective Risk Evaluation for Automated Security Management
Journal of Network and Systems Management
An ACO based approach for detection of an optimal attack path in a dynamic environment
ICDCN'10 Proceedings of the 11th international conference on Distributed computing and networking
Distilling critical attack graph surface iteratively through minimum-cost SAT solving
Proceedings of the 27th Annual Computer Security Applications Conference
Interactive analysis of attack graphs using relational queries
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
A planner-based approach to generate and analyze minimal attack graph
Applied Intelligence
Transforming commodity security policies to enforce Clark-Wilson integrity
Proceedings of the 28th Annual Computer Security Applications Conference
Accepting the inevitable: factoring the user into home computer security
Proceedings of the third ACM conference on Data and application security and privacy
Quantitative survivability evaluation of three virtual machine-based server architectures
Journal of Network and Computer Applications
Using security policies to automate placement of network intrusion prevention
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
A model for quantitative security measurement and prioritisation of vulnerability mitigation
International Journal of Security and Networks
| Hi-index | 0.00 |
In-depth analysis of network security vulnerabilitymust consider attacker exploits not just in isolation, butalso in combination. The general approach to thisproblem is to compute attack paths (combinations ofexploits), from which one can decide whether a given setof network hardening measures guarantees the safety ofgiven critical resources. We go beyond attack paths tocompute actual sets of hardening measures (assignmentsof initial network conditions) that guarantee the safety ofgiven critical resources. Moreover, for given costsassociated with individual hardening measures, wecompute assignments that minimize overall cost. Bydoing our minimization at the level of initial conditionsrather than exploits, we resolve hardening irrelevanciesand redundancies in a way that cannot be done throughpreviously proposed exploit-level approaches. Also, weuse an efficient exploit-dependency representation basedon monotonic logic that has polynomial complexity, asopposed to many previous attack graph representationshaving exponential complexity.