Extending Attack Graph-Based Security Metrics and Aggregating Their Application

Idika, Nwokedi C.; Bhargava, Bharat

doi:10.1109/tdsc.2010.61

Cited by 112 publications

(85 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It facilitates the process of assessing the risk and identifying the actual vulnerable point on the attack path both statically or dynamically. Researchers have proposed different matrices for risk assessment over the years: rate at which the asset can be acquired, measure of risk based on the weakest path, measurement based on the number of attacks, length of the shortest path and standard deviation, normalized mean, median and mode of the length of the paths [15,41,42,43,44]. Munoz-Gonzalez et al developed their approach for analyzing an attack tree based on Bayesian Attack Graph(BAG) and used the Common Vulnerability Scoring System(CVSS) values as a standard of measurement [45].…”

Section: B Attack Graph Analysismentioning

confidence: 99%

An Evolutionary Approach of Attack Graph to Attack Tree Conversion

Haque¹,

Atkison²

2017

IJCNIS

View full text Add to dashboard Cite

Abstract-The advancement of modern day computing has led to an increase of threats and intrusions. As a result, advanced security measurements and threat analysis models are necessary to detect these threats and identify protective measures needed to secure a system. Attack graphs and attack trees are the most popular form of attack modeling today. While both of these approaches represent the possible attack steps followed by an attacker, attack trees are architecturally more rigorous than attack graphs and provide more insights regarding attack scenarios. The goal of this research is to identify the possible direction to construct attack trees from attack graphs analyzing a large volume of data, alerts or logs generated through different intrusion detection systems or network configurations. This literature summarizes the different approaches through an extensive survey of the relevant papers and identifies the current challenges, requirements and limitations of an efficient attack modeling approach with attack graphs and attack trees. A discussion of the current state of the art is presented in the later part of the paper, followed by the future direction of research.

show abstract

Section: B Attack Graph Analysismentioning

confidence: 99%

An Evolutionary Approach of Attack Graph to Attack Tree Conversion

Haque¹,

Atkison²

2017

IJCNIS

View full text Add to dashboard Cite

show abstract

“…In another early work, D.balzarotti, M.Monga and S. Sicari [5] propose a Cooke's classical method that will find previously unknown vulnerability in the software. An attack tree marked with abstract exploitability and hazard is passed to find sequences of attacks that corresponds to the easiest paths followed by potential attackers, and the amount of minimum effort needed along such paths is used as a security metric.…”

Section: Related Workmentioning

confidence: 99%

Detection and Prevention of Unknown Vulnerabilities on Enterprise IP Networks

Rose¹

2015

IJRITCC

View full text Add to dashboard Cite

Abstract-Computer networks have long become the backbone of Enterprise Information System. The substantial share of the security problems are still encountered in Enterprise Network. Cyber espionage can effect Ethical, Military, Political and Economic interest an ywhere. To provide secure computer networks, it is necessary to measure the relative effectiveness of security solution in the network. A network security metric enable a direct measurement and comparison of the amounts of security provided by different security solutions .In this paper we propose a novel security metric Zero Day Vulnerability Prevention Framework consists of bunches of algorithms. The above framework detects and prevents unknown vulnerabilities in Enterprise IP networks. It also protects the behavior of the sessions performed by the user from the huge range of attacks. It helps in monitoring database requests and prevents the attacks. The proposed framework also implements worm and virus detection to evaluate malware from the data. The system also presents scoring to the vulnerabilities and finally it performs security analysis with the help of Topological Vulnerability Analysis (TVA) tool.

show abstract

“…Idika and Bhargava [12] make a number of crucial observations on the limitations of existing attack graphbased security metrics. The authors propose combining the existing metrics when comparing two enterprise networks, and use additional metrics (called "assistive metrics") when the main metrics (called "decision metrics") cannot correctly differentiate the security levels of two systems.…”

Section: Related Workmentioning

confidence: 99%

“…This is due to the nature of d-separating set D, so that all n ∈ N are conditionally independent given D. When N contains exactly one element, the algorithm first checks whether a base case has been reached (line 8,12,16). If none of the base cases is reached, the algorithm recursively calls itself on the predecessors of n (line 21 and 23).…”

Section: : End Ifmentioning

confidence: 99%

Aggregating vulnerability metrics in enterprise networks using attack graphs

Homer

Zhang

et al. 2013

JCS

View full text Add to dashboard Cite

Quantifying security risk is an important and yet difficult task in enterprise network security management. While metrics exist for individual software vulnerabilities, there is currently no standard way of aggregating such metrics. We present a model that can be used to aggregate vulnerability metrics in an enterprise network, producing quantitative metrics that measure the likelihood breaches can occur within a given network configuration. A clear semantic model for this aggregation is an important first step toward a comprehensive network security metric model. We utilize existing work in attack graphs and apply probabilistic reasoning to produce an aggregation that has clear semantics and sound computation. We ensure that shared dependencies between attack paths have a proportional effect on the final calculation. We correctly reason over cycles, ensuring that privileges are evaluated without any self-referencing effect. We introduce additional modeling artifacts in our probabilistic graphical model to capture and account for hidden correlations among exploit steps. The paper shows that a clear semantic model for aggregation is critical in interpreting the results, calibrating the metric model, and explaining insights gained from empirical evaluation. Our approach has been rigorously evaluated using a number of network models, as well as data from production systems.

show abstract

Extending Attack Graph-Based Security Metrics and Aggregating Their Application

Cited by 112 publications

References 17 publications

An Evolutionary Approach of Attack Graph to Attack Tree Conversion

An Evolutionary Approach of Attack Graph to Attack Tree Conversion

Detection and Prevention of Unknown Vulnerabilities on Enterprise IP Networks

Aggregating vulnerability metrics in enterprise networks using attack graphs

Contact Info

Product

Resources

About