“…The main idea is to capture potential system vulnerabilities, and then extract all possible attack paths. The generated graph can be used to compute security metrics (Kotenko and Stepashkin, 2006;Wang et al, 2007Wang et al, , 2008b, to qualitatively assess the security strength of a network (Pamula et al, 2006;Wang et al, 2006), to identify the most critical assets in the organization (Sawilla and Ou, 2008), or for security visualization (Noel et al, 2005). In particular, Noel and Jajodia (2008) uses an approach called Topological Vulnerability Analysis (TVA) (Jajodia et al, 2005;Jajodia and Noel, 2008) to match network configuration with attack simulation in order to optimize IDS sensor placement and to prioritize IDS alerts.…”