We describe a framework for managing network attack graph complexity through interactive visualization, which includes hierarchical aggregation of graph elements. Aggregation collapses non-overlapping subgraphs of the attack graph to single graph vertices, providing compression of attack graph complexity. Our aggregation is recursive (nested), according to a predefined aggregation hierarchy. This hierarchy establishes rules at each level of aggregation, with the rules being based on either common attribute values of attack graph elements or attack graph connectedness. The higher levels of the aggregation hierarchy correspond to higher levels of abstraction, providing progressively summarized visual overviews of the attack graph. We describe rich visual representations that capture relationships among our semantically relevant attack graph abstractions, and our views support mixtures of elements at all levels of the aggregation hierarchy. While it would be possible to allow arbitrary nested aggregation of graph elements, it is better to constrain aggregation according to the semantics of the network attack problem, i.e., according to our aggregation hierarchy. The aggregation hierarchy also makes efficient automatic aggregation possible. We introduce the novel abstraction of protection domain as a level of the aggregation hierarchy, which corresponds to a fully connected subgraph (clique) of the attack graph. We avoid expensive detection of attack graph cliques through knowledge of the network configuration, i.e., protection domains are predefined. While significant work has been done in automatically generating attack graphs, this is the first treatment of the management of attack graph complexity for interactive visualization. Overall, computation in our framework has worst-case quadratic complexity, but in practice complexity is greatly reduced because users generally interact with (often negligible) subsets of the attack graph.
We apply our framework to a real network, using a software system we have developed for generating and visualizing network attack graphs.