Attack Graph Based Evaluation of Network Security

Kotenko, Igor; Stepashkin, Mikhail

doi:10.1007/11909033_20

Cited by 72 publications

(41 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The main idea is to capture potential system vulnerabilities, and then extract all possible attack paths. The generated graph can be used to compute security metrics (Kotenko and Stepashkin, 2006;Wang et al, 2007Wang et al, , 2008b, to qualitatively assess the security strength of a network (Pamula et al, 2006;Wang et al, 2006), to identify the most critical assets in the organization (Sawilla and Ou, 2008), or for security visualization (Noel et al, 2005). In particular, Noel and Jajodia (2008) uses an approach called Topological Vulnerability Analysis (TVA) (Jajodia et al, 2005;Jajodia and Noel, 2008) to match network configuration with attack simulation in order to optimize IDS sensor placement and to prioritize IDS alerts.…”

Section: Related Workmentioning

confidence: 99%

Cyber-physical security metric inference in smart grid critical infrastructures based on system administrators' responsive behavior

Zonouz

Haghani

2013

Computers & Security

View full text Add to dashboard Cite

Section: Related Workmentioning

confidence: 99%

Cyber-physical security metric inference in smart grid critical infrastructures based on system administrators' responsive behavior

Zonouz

Haghani

2013

Computers & Security

View full text Add to dashboard Cite

“…Анализ событий безопасности на основе использования си-стемы моделирования сетевых атак. В проекте предлагается внед-рить в существующие SIEM-системы дополнительную функциональ-ность -подсистему моделирования атак, которая позволит расширить возможности и повысить точность выявления инцидентов, связанных с информационной безопасностью [26][27][28][29][30][31][32][33][34].…”

Section: (Prelude Log Monitoring Lackey Prelude-lml)unclassified

Application of security information and event management technology for information security in critical infrastructures

Kotenko¹,

Saenko²,

Полубелова³

et al. 2014

Тр. СПИИРАН

View full text Add to dashboard Cite

Abstract. Application of SIEM (Security Information and Event Management) technology is promising in the field of information protection, especially for critical infrastructures. The paper considers the general issues of construction and operation of systems that implement this technology. The known implementations of such systems are described. The paper also discusses the peculiarities of the MASSIF project of the seventh framework program of the European Union which is devoted to advanced SIEM systems. We outline two key tasks of the project associated with the analysis of security events, based on the modeling of network attacks, and building the SIEM repository.

show abstract

“…As most of the tools and techniques for forensics and anti-forensics are available open source and are exploited to a great extent, even by the script kiddies. Numerous tutorials are available on internet which provide handful of information about hacking and data theft (Kotenko & Stepashkin, 2006). Another area is the incorporation of anti-forensics such as data hiding, hiding IP, network steganography, data destruction, obfuscation and log cleaning into attacks to hinder the investigation (W. Wang & Daniels, 2008).…”

Section: Background and Motivationmentioning

confidence: 99%

Attack Graph Analysis for Network Anti-Forensics

Chandran

Yan

2014

International Journal of Digital Crime and Forensics

View full text Add to dashboard Cite

The development of technology in computer networks has boosted the percentage of cyber-attacks today. Hackers are now able to penetrate even the strongest IDS and firewalls. With the help of anti-forensic techniques, attackers defend themselves, from being tracked by destroying and distorting evidences. To detect and prevent network attacks, the main modus of operandi in network forensics is the successful implementation and analysis of attack graph from gathered evidences. This paper conveys the main concepts of attack graphs, requirements for modeling and implementation of graphs. It also contributes the aspect of incorporation of anti-forensic techniques in attack graph which will help in analysis of the diverse possibilities of attack path deviations and thus aids in recommendation of various defense strategies for better security. To the best of our knowledge, this is the first time network anti-forensics has been fully discussed and the attack graphs are employed to analyze the network attacks. The experimental analysis of anti-forensic techniques using attack graphs were conducted in the proposed test-bed which helped to evaluate the model proposed and suggests preventive measures for the improvement of security of the networks.

show abstract

Attack Graph Based Evaluation of Network Security

Cited by 72 publications

References 10 publications

Cyber-physical security metric inference in smart grid critical infrastructures based on system administrators' responsive behavior

Cyber-physical security metric inference in smart grid critical infrastructures based on system administrators' responsive behavior

Application of security information and event management technology for information security in critical infrastructures

Attack Graph Analysis for Network Anti-Forensics

Contact Info

Product

Resources

About