Extending attack graph-based security metrics and aggregating their application

IEEE Transactions on Dependable and Secure Computing

Volumn 9, Issue 1, 2012, Pages 75-85

  Idika, Nwokedi ^a   Bhargava, Bharat ^b  

^a MIT LINCOLN LABORATORY   (United States)

^b Purdue University   (United States)

Author keywords

measurement; measurement techniques; Network level security and protection

Indexed keywords

GRAPH THEORY; GRAPHIC METHODS; MEASUREMENT; SECURITY SYSTEMS;

ATTACK GRAPH; ATTACK PATH; MEASUREMENT TECHNIQUES; NETWORK-LEVEL SECURITY AND PROTECTION; SECURITY METRICS; SECURITY POLICY; SHORTEST PATH; SIMULATED RESULTS;

NETWORK SECURITY;

EID: 81455142740     PISSN: 15455971     EISSN: None     Source Type: Journal    
DOI: 10.1109/TDSC.2010.61     Document Type: Article

References (21)

1. SSE-CMM, http://www.sse-cmm.org/metric/metric.asp, 2010.
2. http://www.cve.mitre.org, MITRE CVE, July 2010.
3. G. Vigna and R. Kemmerer, "Netstat: A Network-Based Intrusion Detection System," J. Computer Security, vol. 7, 1999.
4. S. Noel and S. Jajodia, "Managing Attack Graph Complexity through Visual Hierarchical Aggregation," Proc. ACM Workshop Visualization and Data Mining for Computer Security, pp. 109-118, 2004. (Pubitemid 40821179)
5. C. Weissman, "System Security Analysis/Certication Methodology and Results," Technical Report SDC SP-3728, 1973.
6. N. Idika, B. Marshall, and B. Bhargava, "Maximizing Security given a Limited Budget," Proc. TAPIA '09: Richard Tapia Celebration of Diversity in Computing, Apr. 2009.
7. R. Lippmann, K. Ingols, C. Scott, K. Piwowarski, K. Kratkiewicz, M. Artz, and R. Cunningham, "Validating and Restoring Defense in Depth Using Attack Graphs," Proc. Military Communications Conf., Oct. 2006.
8. J. Pamula, S. Jajodia, P. Ammann, and V. Swarup, "A Weakest-Adversary Security Metric for Network Configuration Security Analysis," Proc. Second ACM Workshop Quality of Protection, pp. 31-38, 2006. (Pubitemid 47165622)
9. S. Jha, O. Sheyner, and J. Wing, "Two Formal Analyses of Attack Graphs," Proc. 15th IEEE Computer Security Foundations Workshop, June 2002.
10. R. Dantu and P. Kolan, "Risk Management Using Behavior Based Bayesian Networks," Intelligence and Security Informatics, pp. 115-126, 2005. (Pubitemid 41314426)
11. L. Wang, T. Islam, T. Long, A. Singhal, and S. Jajodia, "An Attack Graph-Based Probabilistic Security Metric," Proc. Data and Applications Security (DAS '08), pp. 283-296, 2008.
12. L. Wang, A. Singhal, and S. Jajodia, "Measuring Overall Security of Network Configurations Using Attack Graphs," Data and Applications Security XXI, vol. 4602, pp. 98-112, Aug. 2007.
13. P. Mell, K. Scarfone, and S. Romanosky, "Common Vulnerability Scoring System," IEEE Security and Privacy, vol. 4, pp. 85-89, Nov./Dec. 2006. (Pubitemid 44925881)
14. C. Phillips and L.P. Swiler, "A Graph-Based System for Network-Vulnerability Analysis," NSPW '98: Proc. Workshop New Security Paradigms. pp. 71-79, 1998.
15. R. Ortalo, Y. Deswarte, and M. Kaaniche, "Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security," IEEE Trans. Software Eng., vol. 25, pp. 633-650, Sept. 1999. (Pubitemid 30541841)
16. E. Jonsson and T. Olovsson, "A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior," IEEE Trans. Software Eng., Apr. 1997.
17. G. Schudel and B. Wood, "Adversary Work Factor as a Metric for Information Assurance," Proc. 2000 Workshop New Security Paradigms, pp. 23-30, 2001.
18. K. Ingols, R. Lippmann, and K. Piwowarski, "Practical Attack Graph Generation for Network Defense," Proc. Computer Security Applications Conf., pp. 121-130, Dec. 2006. (Pubitemid 351232908)
19. W. Li and R. Vaughn, "Cluster Security Research Involving the Modeling of Network Exploitations Using Exploitation Graphs," Proc. Sixth IEEE Int'l Symp. Cluster Computing and Grid Workshops, May 2006.
20. S. Noel, M. Jacobs, P. Kalapa, and S. Jajodia, "Multiple Coordinated Views for Network Attack Graphs," Proc. IEEE Workshop Visualization for Computer Security, pp. 99-106, 2005. (Pubitemid 44523253)
21. P. Dupount, "Laplace and the Indifference Principle in the 'Essai Philosophique Des Probabilits'," Rend. Sem. Mat. Univ. Politec. Torino, vol. 36, pp. 125-137, 1977/78.