Attack Graph and Network Hardening
In this chapter, we briefly review some important concepts that are relevant to further discussions. First, we introduce attack graph and its related concepts. Second, we formalize the network hardening problem. Third, we briefly review standard heuristic approaches and their applicability to network hardening.
KeywordsLogic Program Goal Condition Disjunctive Normal Form Network Hardening Dummy Condition
- 1.P. Ammann, D. Wijesekera, and S. Kaushik. Scalable, graph-based network vulnerability analysis. In Proceedings of ACM CCS’02, 2002.Google Scholar
- 2.Christian Blum and Andrea Roli. Metaheuristics in combinatorial optimization: Overview and conceptual comparison. ACM Comput. Surv., 35(3):268–308, 2003.Google Scholar
- 3.R. Deraison. Nessus scanner, 1999. Available at http://www.nessus.org.
- 4.Manfred GILLI and Peter WINKER. A review of heuristic optimization methods in econometrics. Swiss Finance Institute Research Paper Series 08–12, Swiss Finance Institute, 2008.Google Scholar
- 6.S. Jajodia, S. Noel, and B. O’Berry. Topological analysis of network attack vulnerability. In V. Kumar, J. Srivastava, and A. Lazarevic, editors, Managing Cyber Threats: Issues, Approaches and Challenges. Kluwer Academic Publisher, 2003.Google Scholar
- 7.S. Jha, O. Sheyner, and J.M. Wing. Two formal analysis of attack graph. In Proceedings of the 15th Computer Security Foundation Workshop (CSFW’02), 2002.Google Scholar
- 8.S. Noel, S. Jajodia, B. O’Berry, and M. Jacobs. Efficient minimum-cost network hardening via exploit dependency grpahs. In Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC’03), 2003.Google Scholar
- 9.National vulnerability database. available at: http://www.nvd.org, May 9, 2008.
- 10.O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J.M. Wing. Automated generation and analysis of attack graphs. In Proceedings of the IEEE S&P’02, 2002.Google Scholar