A graph-based system for network-vulnerability analysis
Proceedings of the 1998 workshop on New security paradigms
Secrets & Lies: Digital Security in a Networked World
Secrets & Lies: Digital Security in a Networked World
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
XSB: A System for Effciently Computing WFS
LPNMR '97 Proceedings of the 4th International Conference on Logic Programming and Nonmonotonic Reasoning
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Managing attack graph complexity through visual hierarchical aggregation
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
MulVAL: a logic-based network security analyzer
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Topological analysis of network attack vulnerability
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Information Assurance: Dependability and Security in Networked Systems
Information Assurance: Dependability and Security in Networked Systems
A Graph-Theoretic Visualization Approach to Network Risk Analysis
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Improving Attack Graph Visualization through Data Reduction and Attack Grouping
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Extending logical attack graphs for efficient vulnerability analysis
Proceedings of the 15th ACM conference on Computer and communications security
The risks with security metrics
Proceedings of the 4th ACM workshop on Quality of protection
Optimal IDS Sensor Placement and Alert Prioritization Using Attack Graphs
Journal of Network and Systems Management
Identifying Critical Attack Assets in Dependency Attack Graphs
ESORICS '08 Proceedings of the 13th European Symposium on Research in Computer Security: Computer Security
Multi-step attack modelling and simulation (MsAMS) framework based on mobile ambients
Proceedings of the 2009 ACM symposium on Applied Computing
A Scalable Approach to Full Attack Graphs Generation
ESSoS '09 Proceedings of the 1st International Symposium on Engineering Secure Software and Systems
An intelligent search technique for network security administration
International Journal of Artificial Intelligence and Soft Computing
Sat-solving approaches to context-aware enterprise network security management
IEEE Journal on Selected Areas in Communications - Special issue on network infrastructure configuration
Towards Modelling Information Security with Key-Challenge Petri Nets
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Scalable attack graph for risk assessment
ICOIN'09 Proceedings of the 23rd international conference on Information Networking
Towards analyzing complex operating system access control configurations
Proceedings of the 15th ACM symposium on Access control models and technologies
Towards automatic creation of usable security configuration
INFOCOM'10 Proceedings of the 29th conference on Information communications
Pushing boulders uphill: the difficulty of network intrusion recovery
LISA'09 Proceedings of the 23rd conference on Large installation system administration
Attack scenario recognition through heterogeneous event stream analysis
MILCOM'09 Proceedings of the 28th IEEE conference on Military communications
CANVuS: context-aware network vulnerability scanning
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Effective network vulnerability assessment through model abstraction
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
DBSec'11 Proceedings of the 25th annual IFIP WG 11.3 conference on Data and applications security and privacy
An empirical study on using the national vulnerability database to predict software vulnerabilities
DEXA'11 Proceedings of the 22nd international conference on Database and expert systems applications - Volume Part I
Distilling critical attack graph surface iteratively through minimum-cost SAT solving
Proceedings of the 27th Annual Computer Security Applications Conference
On synthesizing distributed firewall configurations considering risk, usability and cost constraints
Proceedings of the 7th International Conference on Network and Services Management
A learning-based approach to reactive security
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Ideal based cyber security technical metrics for control systems
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
Intrusion Detection: Towards scalable intrusion detection
Network Security
Network security analysis method taking into account the usage information (poster abstract)
RAID'12 Proceedings of the 15th international conference on Research in Attacks, Intrusions, and Defenses
Integrity walls: finding attack surfaces from mandatory access control policies
Proceedings of the 7th ACM Symposium on Information, Computer and Communications Security
Transforming commodity security policies to enforce Clark-Wilson integrity
Proceedings of the 28th Annual Computer Security Applications Conference
Using security policies to automate placement of network intrusion prevention
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Go with the flow: toward workflow-oriented security assessment
Proceedings of the 2013 workshop on New security paradigms workshop
Aggregating vulnerability metrics in enterprise networks using attack graphs
Journal of Computer Security
| Hi-index | 0.00 |
Attack graphs are important tools for analyzing security vulnerabilities in enterprise networks. Previous work on attack graphs has not provided an account of the scalability of the graph generating process, and there is often a lack of logical formalism in the representation of attack graphs, which results in the attack graph being difficult to use and understand by human beings. Pioneer work by Sheyner, et al. is the first attack-graph tool based on formal logical techniques, namely model-checking. However, when applied to moderate-sized networks, Sheyner's tool encountered a significant exponential explosion problem. This paper describes a new approach to represent and generate attack graphs. We propose logical attack graphs, which directly illustrate logical dependencies among attack goals and configuration information. A logical attack graph always has size polynomial to the network being analyzed. Our attack graph generation tool builds upon MulVAL, a network security analyzer based on logical programming. We demonstrate how to produce a derivation trace in the MulVAL logic-programming engine, and how to use the trace to generate a logical attack graph in quadratic time. We show experimental evidence that our logical attack graph generation algorithm is very efficient. We have generated logical attack graphs for fully connected networks of 1000 machines using a Pentium 4 CPU with 1GB of RAM.