Network risk management using attacker profiling

Security and Communication Networks

Volumn 2, Issue 1, 2009, Pages 83-96

  Dantu, Ram ^a   Kolan, Prakash ^b   Cangussu, João ^c  

^a Center for Advanced Research and Technology   (United States)

^b UNIVERSITY OF NORTH TEXAS   (United States)

^c The University of Texas at Dallas   (United States)

Author keywords

Attack graphs; Behavior; Risk management

Indexed keywords

NETWORK SECURITY; RISK ANALYSIS; RISK ASSESSMENT; RISK PERCEPTION;

ATTACK GRAPH; BEHAVIOR; DESIGN AND OPERATIONS; FINANCIAL ABILITIES; NETWORK CONFIGURATION; SECURITY ADMINISTRATOR; SYSTEM ADMINISTRATORS; TECHNOLOGICAL SYSTEM;

RISK MANAGEMENT;

EID: 77954868663     PISSN: 19390114     EISSN: 19390122     Source Type: Journal    
DOI: 10.1002/sec.58     Document Type: Article

References (27)

1. Desmond J. Checkmate IDS tries to anticipate hackers actions. www.esecurityplanet.com/prodser [12 June], 2003.
2. Jackson G, Checkmate intrusion protection system: evolution or revolution. Psynapse Technologies, January 1, 2003, available at http://cnscenter.future.co.kr/resource/security/ids/whitepaper.pdf
3. Richarte G. Modern intrusion practices. CORE Security Technologies, http://wwwl.corest.com/common/showdoc.php7idx= 360&idxseccion=13&idxmen [July] 2003.
4. Yuill J, Wu SF, Gong F, Ming-Yuh H. Intrusion detection for an on-going attack. RAID symposium, 1999.
5. Chandler A. Changing definition of hackers in popular discourse. International Journal of Sociology and Law 1996; 24(2): 229-252.
6. Jasanoff S. A sociology of hackers. The Sociological Review 1998; 46(4): 757-780.
7. Dantu R, Kolan P. Survey of behavior profiles. http://secnet. csci.unt.edu/risk/, 2006.
8. Rowley I. Managing in an uncertain world: risk analysis and the bottom line. IEEE Colloquium on Systems Engineering Contribution to Increased Profitability, October 1989.
9. Kleen L. Malicious hackers: a framework for analysis and case study. Ph.D. Thesis, Air Force Institute of Technology, Ohio, 2001.
10. Foreward, by Bred Powell. Know Your Enemy Motives: The Motives and Psychology of the Black-hat Community. Honeynet Project (Whitepaper) http://www.honeynet.org/papers/motives/index.html
11. Loper K. The criminology of computer hackers: a qualitative and quantitative analysis Ph.D. Thesis, Michigan State University, 2000.
12. Rogers M. Running head: theories of crime and hacking. MS Thesis, University of Manitoba, 2003.
13. Rogers M. The psychology of hackers: A new taxonomy. Paper presented at the RSA World Security Conference, San Jose, California, Feb 1999.
14. Scheiner B. Attack trees: modeling security threats. Dr. Dobb 's Journal, December 1999 http://www.ddj.com/184411129.
15. Sheyner O, Joshua HJ, Jha S, Lippmann R, Wing JM. Automated generation and analysis of attack graphs. IEEE Symposium on Security and Privacy, 2002.
16. Moore AP, Ellison RJ, Linger RC. Attack modeling for information security and survivability. Technical Note, CMU/SE1-2001-TN-001, March 2001.
17. Dantu R. Intrusion detection using attacker profiles. Work in Progress, 19th Annual Computer Security Applications Conference(ACSAC), Las Vegas, 2003.
18. Dantu R, Loper K, Kolan P. Risk management using behavior based attack graphs. IEEE International Conference on Information Technology (ITCC), April 2004.
19. Dantu R, Kolan P. Risk management using behavior based Bayesian networks. Springer Verlag, Lecture Notes in Computer Science (LNCS), 2005.
20. Swiler LP, Phillips C, Ellis D, Chakerian S. Computer-attack graph generation tool. IEEE Symposium on Security and Privacy, 2001.
21. Castillo E, Gutierrez JM, Hadi AS. Sensitivity analysis in discrete Bayesian networks. IEEE Transactions on Systems, Man, and Cybernatics 1997; 27(4): 412-423.
22. WINBUGS-http://www.mrc-bsu.cam.ac.uk/bugs
23. HUGIN DEMO-http://www.HUGIN.com/
24. Ou X, Govindavajhala S, Appel AW. MulVAL: a logic-based network security analyzer. 14th Usenix Security Symposium, August 2005.
25. Noel S, Jajodia S. Understanding complex network attack graphs through clustered adjacency matrices. Annual Computer Security Applications Conference, December 2005.
26. Noel S, Robertson E, Jajodia S. Correlating intrusion events and building attack scenarios through attack graph distances. Proceedings of the 20th Annual Computer Security Applications Conference, 2004.
27. Sardal K, Wijesekera D, Jajodia S. Implementing consistency checking in correlating attacks. Lecture Notes in Computer Science, 2004.