Graphs & digraphs (2nd ed.)
Classification and detection of computer intrusions
Classification and detection of computer intrusions
Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security
IEEE Transactions on Software Engineering
Adversary work factor as a metric for information assurance
Proceedings of the 2000 workshop on New security paradigms
A requires/provides model for computer attacks
Proceedings of the 2000 workshop on New security paradigms
Scalable, graph-based network vulnerability analysis
Proceedings of the 9th ACM conference on Computer and communications security
Constructing attack scenarios through correlation of intrusion alerts
Proceedings of the 9th ACM conference on Computer and communications security
Model-based analysis of configuration vulnerabilities
Journal of Computer Security
Two Formal Analys s of Attack Graphs
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Alert Correlation in a Cooperative Intrusion Detection Framework
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Using Model Checking to Analyze Network Vulnerabilities
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
Managing attack graph complexity through visual hierarchical aggregation
Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security
An Access Control Model for Secure Cluster-Computing Environments
HICSS '05 Proceedings of the Proceedings of the 38th Annual Hawaii International Conference on System Sciences - Volume 09
An approach to graph-based modeling of network exploitations
An approach to graph-based modeling of network exploitations
DARPA Information Assurance Program dynamic defense experiment summary
IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans
Improving Attack Graph Visualization through Data Reduction and Attack Grouping
VizSec '08 Proceedings of the 5th international workshop on Visualization for Computer Security
Multi-step attack modelling and simulation (MsAMS) framework based on mobile ambients
Proceedings of the 2009 ACM symposium on Applied Computing
SIMVA: simulation-based network vulnerability analysis system
SpringSim '09 Proceedings of the 2009 Spring Simulation Multiconference
Effective network vulnerability assessment through model abstraction
DIMVA'11 Proceedings of the 8th international conference on Detection of intrusions and malware, and vulnerability assessment
Aggregating vulnerability metrics in enterprise networks using attack graphs
Journal of Computer Security
| Hi-index | 0.00 |
In this article, a modeling process is defined to address challenges in analyzing attack scenarios and mitigating vulnerabilities in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are considered to create exploitation graphs (e-graphs) that are used to represent attack scenarios. Experiments carried out in a cluster computing environment showed the usefulness of proposed techniques in providing in-depth attack scenario analyses for security engineering. Critical vulnerabilities can be identified by employing graph algorithms. Several factors were used to measure the difficulty in executing an attack. A cost/benefit analysis was used for more accurate quantitative analysis of attack scenarios. The authors also show how the attack scenario analyses better help deployment of security products and design of network topologies.