Realtime intrusion risk assessment model based on attack and service dependency graphs

Shameli‐Sendi, Alireza; Dagenais, Michel R.; Wang, Lingyu

doi:10.1016/j.comcom.2017.12.003

Cited by 11 publications

(3 citation statements)

References 31 publications

(47 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This helps to calculate the impact of current attacks and assess future impacts. Shameli-Sendi et al [91] propose a model combining attack graphs and service dependency graphs based on LAMBDA functions. These functions determine the attacker knowledge level and the attack impact on security attributes CIA (confidentiality, integrity, and availability).…”

Section: ) Attack Graphs and Treesmentioning

confidence: 99%

Systematic Literature Review of Security Event Correlation Methods

2022

View full text Add to dashboard Cite

Security event correlation approaches are necessary to detect and predict incremental threats such as multi-step or targeted attacks (advanced persistent threats) and other causal sequences of abnormal events. The use of security event correlation techniques also makes it possible to reduce the volume of the original data stream by grouping the events and eliminating their redundancy. The variety of event correlation methods, in turn, requires choosing the most appropriate way to handle security events, depending on the purpose and available resources. This paper presents a systematization of security event correlation methods into several categories, such as publication year, applied correlation methods, knowledge extraction methods, used data sources, architectural solutions, and quality evaluation of correlation methods. The research method is a systematic literature review, which includes the formulation of research questions, the choice of keywords and criteria for inclusion and exclusion. The review corpus is formed by using search queries in Google Scholar, IEEE Xplore, ACM Digital Library, ScienceDirect, and selection criteria. The final review corpus includes 127 publications from the existing literature for 2010-2021 and reflects the current state of research in the security event correlation field. The results of the analysis include the main directions of research in the field of event correlation and methods used for correlation both single events and their sequences in attack scenarios. The review also describes the datasets and metrics used to evaluate security event correlation approaches. In conclusion, the existing problems and possible ways to overcome them are identified. The main contribution of the review is the most complete classification and comparison of existing approaches to the security event correlation, considered not only from the point of view of the algorithm, but also the possibility of unknown attack detection, architectural solutions and the use of event initial data.

show abstract

Section: ) Attack Graphs and Treesmentioning

confidence: 99%

Systematic Literature Review of Security Event Correlation Methods

2022

View full text Add to dashboard Cite

show abstract

“…Further offensive testing approaches against web applications and networks can be found in Duchene et al (2014), Felderer et al (2016, Sudhodanan et al (2016), andShameli-Sendi et al (2017), respectively. A general introduction and analysis of model-based testing is elaborated in Krämer and Legeard (2016) .…”

Section: Related Workmentioning

confidence: 99%

“…This implies a reduction of testing time but still ensures the ability to identify causes of vulnerabilities. Some other techniques rely on models, either of the application (Krämer and Legeard 2016;Felderer et al 2016) or of the attacks themselves (Duchene et al 2014;Shameli-Sendi et al 2017). A system under test (SUT) is checked regarding whether it behaves in line with its specification using a graphical representation that corresponds to the SUT's expected behavior.…”

Section: Introductionmentioning

confidence: 99%

Planning-based security testing of web applications with attack grammars

Božić

Wotawa

2020

Software Qual J

View full text Add to dashboard Cite

Web applications are deployed on machines around the globe and offer almost universal accessibility. These applications assure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements is data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements often result in security leaks that malicious users eventually exploited. In this context, the application of different testing methods is of utmost importance in order to detect software defects during development and to prevent unauthorized access in advance. In this paper, we contribute to test automation for web applications. In particular, we focus on using planning for testing where we introduce underlying models covering attacks and their use in testing of web applications. The planning model offers a high degree of extendibility and configurability and as well overcomes limits of traditional graphical representations. New testing possibilities emerge that eventually lead to better vulnerability detection, therefore ensuring more secure web services and applications.

show abstract