Qualitative and quantitative analytical techniques for network security assessment

Proceedings fron the Fifth Annual IEEE System, Man and Cybernetics Information Assurance Workshop, SMC

Volumn , Issue , 2004, Pages 321-328

  Clark, K ^a   Tyree, S ^a   Dawkins, J ^a   Hale, J ^a  

^a UNIVERSITY OF TULSA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

NETWORK SECURITY MANAGEMENT; OBJECT-ORIENTED NETWORK MODELS; RETURN ON INVESTMENT (ROI); VULNERABILITY MODELS;

ALGORITHMS; DATABASE SYSTEMS; JAVA PROGRAMMING LANGUAGE; KNOWLEDGE BASED SYSTEMS; MATHEMATICAL MODELS; OBJECT ORIENTED PROGRAMMING; RISK ASSESSMENT; RISK MANAGEMENT; ROUTERS; SERVERS; SPECIFICATIONS; WORLD WIDE WEB; XML;

SECURITY OF DATA;

EID: 15944397932     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (20)

1. C. Campbell, "A stateful framework for multi-stage network attack modeling," Master's thesis, University of Tulsa, 2003.
2. J. Dawkins, "A systematic approach to multi-stage network attack analysis," Master's thesis, University of Tulsa, 2003.
3. T. Tidwell, R. Larson, K. Fitch, and J. Hale, "Modeling internet attacks," in Proceedings of the 2001 IEEE Workshop on Information Assurance and Security, June 2001.
4. Castor, "The castor project." http://www.castor.org/.
5. E. Ftiedman-Hill, "Jess, the java expert system shell." http://herzberg.ca.sandia.gov/jess/.
6. S. Jha, O. Sheyner, and J. Wing, "Minimization and reliability analyses of attack graphs," in Proceedings of the Computer Security Foundations Workshop, pp. 49-63, February 2002.
7. O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. Wing, "Automated generation and analysis of attack graphs," in Proceedings of the IEEE Symposium on Security and Privacy, pp. 273-284, May 2002.
8. S. Russell and P. Norvig, Artificial Intelligence A Modern Approach. Prentice Hall, 2003.
9. J. Andrews and T. Moss, Reliability and Risk Assessment. The American Society of Mechanical Engineers, 2002.
10. J. Howard, An Analysis of Security Incidents on the Internet 1989-1995. PhD thesis, Carnegie Mellon University, 1997.
11. I. Internet Security Systems, "Internet scanner." http://www.iss.net.
12. J. McDermott, "Attack net penetration testing," in Proceedings of the 2000 workshop on New security paradigms, pp. 15-21, 2001.
13. Nessus. http://www.nessus.org.
14. Rapid7, Inc, "NeXpose." http://www.rapid7.com.
15. B. Schneier, "Attack trees: Modeling security threats," Dr. Dobb's Journal, pp. 21-29, December 1999.
16. B. Schneier, Secrets and Lies, pp. 318-333. John Wiley and Sons, 2000.
17. G. H. et al., "A software fault tree approach to requirements analysis of an intrusion detection system," Requirements Engineering, vol. volume 7, no. 4, pp. 207-220, 2002.
18. C. Phillips and L. Swiler, "A graph-based system for network-vulnerability analysis," in Proceedings of the 1998 Workshop on New Security Paradigms, pp. 71-79, 1998.
19. S. Kumar, Classification and Detection of Computer Intrusions. PhD thesis, Purdue University, August 1995.
20. M. Slagell, "The design and implementation of maids," Master's thesis, Iowa State University, 2001.