HARMs: Hierarchical attack representation models for network security analysis

Proceedings of the 10th Australian Information Security Management Conference, AISM 2012

Volumn , Issue , 2012, Pages 74-81

  Hong, Jin ^a   Kim, Dong Seong ^a  

^a UNIVERSITY OF CANTERBURY   (New Zealand)

Author keywords

Attack graph; Attack tree; Complexity analysis; Hierarchical model; Scalability; Security assessment

Indexed keywords

COMPLEX NETWORKS; ELECTRIC NETWORK TOPOLOGY; GRAPHIC METHODS; HIERARCHICAL SYSTEMS; SCALABILITY; TREES (MATHEMATICS);

ATTACK GRAPH; ATTACK TREE; COMPLEXITY ANALYSIS; HIERARCHICAL MODEL; SECURITY ASSESSMENT;

NETWORK SECURITY;

EID: 84917684585     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (23)

1. Chew, E., Swanson, M., Stine, K., Bartol. N., Brown, A., & Robinson, W. (2008) Security metrics guide for information technology systems. 800-55, N. S. P.
2. Ahn, Y., Han, S., Kwak, H., Moon, S., & Jeong, H. (2007). Analysis of topological characteristics of huge online social networking services. In Proc. of International conference on world wide web (WWW 2007) (pp. 835-844). New York, NY, USA: ACM. Retrieved from http://doi.ACM.org/10.1145/1242572.1242685 doi: 10.1145/1242572.1242685
3. Alata, E., Nicomette, V., Kaaniche, M., Dacier, M., & Herrb, M. (2006). Lessons learned from the deployment of a high-interaction honeypot. In Proc. of European dependable computing conference (EDCC 2006) (p. 39-46). doi:0.1109/EDCC.2006.17
4. Albanese, M., Jajodia, S., & Noel, S. (2012). Time efficient and cost-effective network hardening using attack graphs. In Proc. of IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012). doi: http://doi.IEEEcomputersociety.org/10.1109/DSN.2012.6263942
5. Dawkins, J., & Hale, J. (2004). A systematic approach to multi-stage network attack analysis. In Proc. of IEEE international information assurance workshop (IWIA 2004) (p. 48-56). doi:10.1109/IWIA.2004.1288037
6. Edge, K. (2007). A framework for analyzing and mitigating the vulnerabilities of complex systems via attack and protection trees. Doctoral dissertation, Air Force Institute of Technology.
7. Edge, K., Raines, R., Grimaila, M., Baldwin, R., Bennington, R., & Reuter, C. (2007). The use of attack and protection trees to analyze security for an online banking system. In Proc. of Hawaii international conference on system sciences (HICSS2007) (pp. 144-151).
8. Hwang, K., & Gangadharan, M. (2001). Micro-firewalls for dynamic network security with distributed intrusion detection. In Proc. of IEEE international symposium on network computing and applications (NCA 2001) (pp. 68-79). doi:10.1109/NCA.2001.962517
9. Ingols, K., Chu, M., Lippmann, R., Webster, S., & Boyer, S. (2009). Modeling modern network attacks and countermeasures using attack graphs. In Proc. of annual computer security applications conference (ACSAC 2009) (pp. 117-126). IEEE.
10. Ingols, K., Lippmann, R., & Piwowarski, K. (2006). Practical attack graph generation for network defense. In Proc. of annual computer security applications conference (ACSAC 2006) (p. 121-130). doi:10.1109/ACSAC.2006.39
11. Mirkovic, J., Benzel, T., Faber, T., Braden, R., Wroclawski, J., & Schwab, S. (2010). The deter project: Advancing the science of cyber security experimentation and test. In Proc. of IEEE international conference on technologies for homeland security (HST 2010) (p. 1-7). doi:10.1109/THS.2010.5655108
12. Moore, A., Ellison, R., & Linger, R. (2001). Attack modeling for information security and survivability. CMU/SEI-2001-TN-001.
13. Ou, X., Boyer, W., & McQueen, M. (2006). A scalable approach to attack graph generation. In Proc. of ACM conference on computer and communications security (CCS 2006) (pp. 336-345). ACM.
14. Saini, V., Duan, Q., & Paruchuri, V. (2008). Threat modeling using attack trees. J. Comput. Sci. Coll., 23(4), 124-131. Retrieved from http://dl.ACM.org/citation.cfm?id=1352079.1352100
15. Schneier, B. (1999). Modeling security threats. Dr. Dobb's journal, 24(12).
16. Schneier, B. (2000). Secrets and lies: Digital security in a networked world. John Wiley and Sons Inc., Indianapolis, Indiana
17. King, S. (2010). Science of cybersecurity. Retrieved from http://www.fas.org/irp/agency/dod/jason/cyber.pdf
18. Sharma, A., Kalbarczyk, Z., Barlow, J., & Iyer, R. (2011). Analysis of security data from a large computing organization. In Proc. of IEEE/IFIP International Conference on dependable systems networks (DSN 2011) (p. 506-517). doi:10.1109/DSN.2011.5958263
19. Sheyner, O., Haines, J., Jha, S., & Wing, R. L. J. (2002). Automated generation and analysis of attack graphs (Tech. Rep.). CMU.
20. Theodorakopoulos, G., Baras, J., & Le Boudec, J. (2008). Dynamic network security deployment under partial information. In Proc. of annual allerton conference on communication, control, and computing (CCC 2008) (pp. 261-267). doi:10.1109/ALLERTON.2008.4797565
21. Xie, A., Cai, Z., Tang, C., Hu, J., & Chen, Z. (2009). Evaluating network security with two-layer attack graphs. In Proc. of annual computer security applications conference (ACSAC 2009) (p. 127-136). doi:10.1109/ACSAC.2009.22
22. Zhu, Y., Hu, H., Ahn, G., Huang, D., & Wang, S. (2012). Towards temporal access control in cloud computing. In Proc. of annual IEEE international conference on computer communications (INFOCOM 2012) (p. 2576-2580). doi:10.1109/INFCOM.2012.6195656
23. Roy, A., and Kim., D. S., Trivedi, K. (2012). Scalable optimal countermeasure selection using implicit enumeration on attack countermeasure trees. In Proc. of IEEE/IFIP International Conference on Dependable Systems and Networks (DNS 2012) doi: http://doi.ieeecomputersociety.org/10.1109/DSN.2012.6263940