Related Work

  • Lingyu Wang
  • Massimiliano Albanese
  • Sushil Jajodia
Chapter
Part of the SpringerBriefs in Computer Science book series (BRIEFSCOMPUTER)

Abstract

In this chapter, we provide a brief review of related work, including attack graphs and applications, existing network hardening techniques, and other relevant topics, such as alert correlation and security metrics.

Copyright information

© The Author(s) 2014

Authors and Affiliations

  • Lingyu Wang (1)
  • Massimiliano Albanese (2)
  • Sushil Jajodia (2)
  1. Concordia Institute for Information Systems Engineering (CIISE), Concordia University, Montreal, Canada
  2. Center for Secure Information Systems, George Mason University, Fairfax, USA