Building network attack graph for alert causal correlation

Computers and Security

Volumn 27, Issue 5-6, 2008, Pages 188-196

  Zhang, Shaojun ^a   Li, Jianhua ^a   Chen, Xiuzhen ^a   Fan, Lei ^a  

^a SHANGHAI JIAO TONG UNIVERSITY   (China)

Author keywords

Alert causal correlation; Attack graph; Exploit; Monotonic assumption; Network connectivity; Network security; Object oriented; Vulnerability

Indexed keywords

COMPUTER CRIME; CORRELATION METHODS; INTERNET; POLYNOMIAL APPROXIMATION;

ALERT CAUSAL CORRELATION; ATTACK GRAPH; ATTACK GRAPHS; ATTACK SCENARIOS; CAUSAL RELATIONSHIPS; EXPLOIT; HETEROGENEOUS DEVICES; MONOTONIC ASSUMPTION; NETWORK ADMINISTRATORS; NETWORK ATTACKS; NETWORK CONNECTIVITY; NETWORK SECURITY; OBJECT-ORIENTED; POLYNOMIAL-TIME; PROTOTYPE SYSTEMS; SECURITY ALERTS; VULNERABILITY;

GRAPH THEORY;

EID: 53049102892     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.cose.2008.05.005     Document Type: Article

References (17)

1. Ammann P, Wijesekera D, Kaushik S. Scalable, graph-based network vulnerability analysis. In: Proceedings of ninth ACM conference on computer and communications security, Washington, DC, Nov 2002.
2. Artz M. NetSPA, a network security planning architecture. M.S. thesis, Cambridge: Massachusetts Institute of Technology; May 2002.
3. Chen X., Zheng Q., Guan X., et al. Multiple behavior information fusion based quantitative threat evaluation. Computers and Security 24 (2005) 218-231
4. Cuppens F, Miege A. Alert correlation in a cooperative intrusion detection framework. In: Proceedings of the 2002 IEEE symposium on security and privacy, May 2002.
5. Dacier M, Deswarte Y. The privilege graph: an extension to the typed access martrix model. In: European symposium in computer security, Nov 1994.
6. Jajodia S., Noel S., and O'Berry B. Topological analysis of network attack vulnerability. In: Kumar V., Srivastava J., and Lazarevic A. (Eds). Managing Cyber Threats: Issues, Approaches and Challenges (2004), Kluwer Academic Publisher
7. Mayer A, Wool A, Elisha Z. Fang: a firewall analysis engine. In: Proceedings of the IEEE symposium on security and privacy, May 2000.
8. Ning P, Cui Y, Reeves DS. Constructing attack scenarios through correlation of intrusion alerts. In: Proceedings of the ninth ACM conference on computer and communications security, Washington, DC, Nov 2002.
9. Noel S, Jajodia S, O'Berry B, Jacobs M. Efficient minimum-cost network hardening via exploit dependency graphs. In: Proceedings of 19th annual computer security applications conference, Las Vegas, Nevada, Dec 2003.
10. Noel S, Robertson E, Jajodia S. Correlating intrusion events and building attack scenarios through attack graph distances. In: Proceedings of the 20th annual computer security applications conference, 2004.
11. Ritchey R, Ammann P. Using model checking to analyze network vulnerabilities. In: Proceedings of 2000 IEEE symposium on security and privacy, Oakland, California, 2000.
12. Ritchey R, O'Berry B, Noel S. Representing TCP/IP connectivity for topological analysis of network security. In: Proceedings of 18th annual computer security applications conference, Las Vegas, Nevada, Dec 2002.
13. Sheyner O, Haines J, Jha S, Lippmann R, Wing J. Automated generation and analysis of attack graphs. In: Proceedings of 2002 IEEE symposium on security and privacy, Oakland, California, 2002.
14. http://www.snort.org, web page [accessed 18.10.07].
15. http://osvdb.org, web page [accessed 18.10.07].
16. http://oval.mitre.org, web page [accessed 18.10.07].
17. Wang L, Liu A, Jajodia S. An efficient and unified approach to correlating, hypothesizing, and predicting intrusion alerts. In: Proceedings of the 10th European symposium on research in computer security application conference, 2004.