ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A graph-based system for network-vulnerability analysis
Full text PdfPdf (749 KB)
Source New Security Paradigms Workshop archive
Proceedings of the 1998 workshop on New security paradigms table of contents
Charlottesville, Virginia, United States
Pages: 71 - 79  
Year of Publication: 1998
ISBN:1-58113-168-2
Authors
Cynthia Phillips  Sandia National Laboratories, MS 1110, Albuquerque, NM
Laura Painton Swiler  Sandia National Laboratories, MS 0746, Albuquerque, NM
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 34,   Downloads (12 Months): 237,   Citation Count: 24
Additional Information:

references   cited by   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/310889.310919
What is a DOI?

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Burch, C., Krumke, S., Marathe, M., Phillips C., and Sundberg, E. "Multicriteria Approximation Through Decomposition", submitted, 1998.
 
2
Boris V. Cherkassky , Andrew V. Goldberg , Tomasz Radzik, Shortest paths algorithms: theory and experimental evaluation, Mathematical Programming: Series A and B, v.73 n.2, p.129-174, May 31, 1996  [doi>10.1007/BF02592101]
 
3
Dacier, M., Y. Deswarte, and M. Kaaniche. "Quantitative Assessment of Operational Security: Models and Tools." LAAS Research Report 96493, May 1996.
 
4
Dorothy E. Denning, An intrusion-detection model, IEEE Transactions on Software Engineering, v.13 n.2, p.222-232, Feb. 1987  [doi>10.1109/TSE.1987.232894]
 
5
Michael R. Garey , David S. Johnson, Computers and Intractability: A Guide to the Theory of NP-Completeness, W. H. Freeman & Co., New York, NY, 1979
 
6
John Douglas Howard, An analysis of security incidents on the Internet 1989-1995, Carnegie Mellon University, Pittsburgh, PA, 1998
 
7
Internet Security Systems, Inc. 41 Perimeter Center East, Suite 550, Atlanta, GA 30346. Creator of the X-force database, accessed via http://www.iss.net/xforce.
 
8
Ulf Lindqvist , Erland Jonsson, A Map of Security Risks Associated with Using COTS, Computer, v.31 n.6, p.60-66, June 1998  [doi>10.1109/2.683009]
 
9
Teresa F. Lunt, A survey of intrusion detection techniques, Computers and Security, v.12 n.4, p.405-418, June 1993  [doi>10.1016/0167-4048(93)90029-5]
 
10
Meadows, C., "A representation of Protocol Attacks for Risk Assessment", Network Threats, DIMACS Series in Discrete Mathematics and Theoretical Computer Science, Vol. 38, R. N. Wright and P.G. Neumann editors, American Mathematical Society, pp. 1-10.
11
Ira S. Moskowitz , Myong H. Kang, An insecurity flow model, Proceedings of the 1997 workshop on New security paradigms, p.61-74, September 23-26, 1997, Langdale, Cumbria, United Kingdom  [doi>10.1145/283699.283741]
 
12
Dalit Naor , Douglas L. Brutlag, On Suboptimal Alignments of Biological Sequences, Proceedings of the 4th Annual Symposium on Combinatorial Pattern Matching, p.179-196, June 02-04, 1993
 
13
Ortalo, R., Y. Deswarte, and M. Kaaniche, "Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security", in Dependable Computing for Critical Applications 6 (DCCA'6), (M.Dal Cin, C. Meadows and W.H. Sanders, Eds.), Grainau, Germany, March 5-7 1997, Dependable Computing and Fault-Tolerant Systems, vol. 11, pp.307-328, ISBN 0-8186-8009-1, IEEE Computer Society Press, 1998.
 
14
Ortalo, R., Y. Deswarte, "Quantitative Evaluation of Information System Security", in Global IT Security, Proc. of the IFIP TC11 14th International Conference on Information Security (IFIP/SEC'98), (G. Papp, R. Posch, eds.), August 31 - September 4, Vienna-Budapest, Austria-Hungary, Austrian Computer Society, ISBN 3-85403-116-5, pp. 321-332, 1998.
15
Cynthia A. Phillips, The network inhibition problem, Proceedings of the twenty-fifth annual ACM symposium on Theory of computing, p.776-785, May 16-18, 1993, San Diego, California, United States  [doi>10.1145/167088.167286]
 
16
Presidential Commission on Critical Infrastructure Protection. Commission Report "Critical Foundations: Protecting America's Infrastructures," October 1997. Available at: http:l/www.pccip.govlreport index.html
 
17
SATAN. (Security Administrator Tool for Analyzing Networks) tool. SATAN's creators, Mr. Dan Farmer and Mr. Wietse Venema, made SATAN widely available over the Internet without cost starting April 5, 1995. It can be obtained from the web site: http:/l 142.3.223.54/~short/SECURITY/satan.html
 
18
Tayi, G., Rosencrantz, D. and S. Ravi. "Path Problems in Networks with Vector Valued Edge Weights." Submitted for publication, October 1997.
 
19
G. D. Wyss , H. K. Schriner , T. R. Gaylor, Probablistic Logic Modeling of Network Reliability for Hybrid Network Architectures, Proceedings of the 21st Annual IEEE Conference on Local Computer Networks, p.404, October 31-November 16, 1996

CITED BY  24
Paul Ammann , Duminda Wijesekera , Saket Kaushik, Scalable, graph-based network vulnerability analysis, Proceedings of the 9th ACM conference on Computer and communications security, November 18-22, 2002, Washington, DC, USA
Steven Noel , Sushil Jajodia, Managing attack graph complexity through visual hierarchical aggregation, Proceedings of the 2004 ACM workshop on Visualization and data mining for computer security, October 29-29, 2004, Washington DC, USA
Peng Ning , Dingbang Xu, Hypothesizing and reasoning about attacks missed by intrusion detection systems, ACM Transactions on Information and System Security (TISSEC), v.7 n.4, p.591-627, November 2004
Adam J. O'Donnell , Harish Sethu, On achieving software diversity for improved network security using distributed coloring algorithms, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
David M. Nicol, Modeling and Simulation in Security Evaluation, IEEE Security and Privacy, v.3 n.5, p.71-74, September 2005
Sviatoslav Braynov , Murtuza Jadiwala, Representation and analysis of coordinated attacks, Proceedings of the 2003 ACM workshop on Formal methods in security engineering, p.43-51, October 30, 2003, Washington, D.C.
Jaehyuk Lee , Seungkyu Park , Gihyun Jung , Kyunghee Choi, Simulation framework for cyber terrors and defense, Proceedings of the 9th WSEAS International Conference on Communications, p.1-5, July 14-16, 2005, Athens, Greece
Joseph Pamula , Paul Ammann , Sushil Jajodia , Ronald Ritchey, A framework for establishing, assessing, and managing trust in inter-organizational relationships, Proceedings of the 3rd ACM workshop on Secure web services, November 03-03, 2006, Alexandria, Virginia, USA
Joseph Pamula , Sushil Jajodia , Paul Ammann , Vipin Swarup, A weakest-adversary security metric for network configuration security analysis, Proceedings of the 2nd ACM workshop on Quality of protection, October 30-30, 2006, Alexandria, Virginia, USA
Xinming Ou , Wayne F. Boyer , Miles A. McQueen, A scalable approach to attack graph generation, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
Lingyu Wang , Anoop Singhal , Sushil Jajodia, Toward measuring network security using attack graphs, Proceedings of the 2007 ACM workshop on Quality of protection, October 29-29, 2007, Alexandria, Virginia, USA
Sankalp Singh , James Lyons , David M. Nicol, Fast model-based penetration testing, Proceedings of the 36th conference on Winter simulation, December 05-08, 2004, Washington, D.C.
Dean A. Jones , Mark A. Turnquist , Linda K. Nozick, Simulation of imperfect information in vulnerability modeling for infrastructure facilities, Proceedings of the 37th conference on Winter simulation, December 04-07, 2005, Orlando, Florida
Shanchieh J. Yang , Adam Stotz , Jared Holsopple , Moises Sudit , Michael Kuhl, High level information fusion for tracking and projection of multistage cyber attacks, Information Fusion, v.10 n.1, p.107-121, January, 2009
Lars Grunske , David Joyce, Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles, Journal of Systems and Software, v.81 n.8, p.1327-1345, August, 2008
Zonghua Zhang , Pin-Han Ho, Janus: A dual-purpose analytical model for understanding, characterizing and countermining multi-stage collusive attacks in enterprise networks, Journal of Network and Computer Applications, v.32 n.3, p.710-720, May, 2009
Rinku Dewri , Nayot Poolsappasit , Indrajit Ray , Darrell Whitley, Optimal security hardening using multi-objective optimization on attack tree models of networks, Proceedings of the 14th ACM conference on Computer and communications security, October 28-31, 2007, Alexandria, Virginia, USA
Guy Helmer , Johnny Wong , Mark Slagell , Vasant Honavar , Les Miller , Yanxin Wang , Xia Wang , Natalia Stakhanova, Software fault tree and coloured Petri net based specification, design and implementation of agent-based intrusion detection systems, International Journal of Information and Computer Security, v.1 n.1/2, p.109-142, January 2007
Xiuzhen Chen , Qinghua Zheng , Xiaohong Guan, An OVAL-based active vulnerability assessment system for enterprise computer networks, Information Systems Frontiers, v.10 n.5, p.573-588, November 2008
Wei Wang , Thomas E. Daniels, A Graph Based Approach Toward Network Forensics Analysis, ACM Transactions on Information and System Security (TISSEC), v.12 n.1, p.1-33, October 2008
Golnaz Elahi , Eric Yu, Modeling and analysis of security trade-offs - A goal oriented approach, Data & Knowledge Engineering, v.68 n.7, p.579-598, July, 2009
Somak Bhattacharya , S. K. Ghosh, An intelligent search technique for network security administration, International Journal of Artificial Intelligence and Soft Computing, v.1 n.2/3/4, p.338-351, July 2009
Lingyu Wang , Steven Noel , Sushil Jajodia, Minimum-cost network hardening using attack graphs, Computer Communications, v.29 n.18, p.3812-3824, November, 2006
Nwokedi C. Idika , Brandeis H. Marshall , Bharat K. Bhargava, Maximizing network security given a limited budget, The Fifth Richard Tapia Celebration of Diversity in Computing Conference: Intellect, Initiatives, Insight, and Innovations, April 01-04, 2009, Portland, Oregon

INDEX TERMS

Primary Classification:
  G. Mathematics of Computing
  G.2 DISCRETE MATHEMATICS

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS


General Terms:
Algorithms, Design, Security


Keywords:
attack graph, computer security, network vulnerability

Collaborative Colleagues:
Cynthia Phillips: colleagues
Laura Painton Swiler: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player