Attack Graph and Network Hardening

  • Lingyu Wang
  • Massimiliano Albanese
  • Sushil Jajodia
Part of the SpringerBriefs in Computer Science book series (BRIEFSCOMPUTER)


In this chapter, we briefly review some important concepts that are relevant to further discussions. First, we introduce attack graph and its related concepts. Second, we formalize the network hardening problem. Third, we briefly review standard heuristic approaches and their applicability to network hardening.


Logic Program Goal Condition Disjunctive Normal Form Network Hardening Dummy Condition 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    P. Ammann, D. Wijesekera, and S. Kaushik. Scalable, graph-based network vulnerability analysis. In Proceedings of ACM CCS’02, 2002.Google Scholar
  2. 2.
    Christian Blum and Andrea Roli. Metaheuristics in combinatorial optimization: Overview and conceptual comparison. ACM Comput. Surv., 35(3):268–308, 2003.Google Scholar
  3. 3.
    R. Deraison. Nessus scanner, 1999. Available at
  4. 4.
    Manfred GILLI and Peter WINKER. A review of heuristic optimization methods in econometrics. Swiss Finance Institute Research Paper Series 08–12, Swiss Finance Institute, 2008.Google Scholar
  5. 5.
    G. Laporte I.H. Osman. Metaheuristics: A bibliography. Annals of Operations Research, 63(5):511–623, 1996.CrossRefMathSciNetGoogle Scholar
  6. 6.
    S. Jajodia, S. Noel, and B. O’Berry. Topological analysis of network attack vulnerability. In V. Kumar, J. Srivastava, and A. Lazarevic, editors, Managing Cyber Threats: Issues, Approaches and Challenges. Kluwer Academic Publisher, 2003.Google Scholar
  7. 7.
    S. Jha, O. Sheyner, and J.M. Wing. Two formal analysis of attack graph. In Proceedings of the 15th Computer Security Foundation Workshop (CSFW’02), 2002.Google Scholar
  8. 8.
    S. Noel, S. Jajodia, B. O’Berry, and M. Jacobs. Efficient minimum-cost network hardening via exploit dependency grpahs. In Proceedings of the 19th Annual Computer Security Applications Conference (ACSAC’03), 2003.Google Scholar
  9. 9.
    National vulnerability database. available at:, May 9, 2008.
  10. 10.
    O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J.M. Wing. Automated generation and analysis of attack graphs. In Proceedings of the IEEE S&P’02, 2002.Google Scholar

Copyright information

© The Author(s) 2014

Authors and Affiliations

  • Lingyu Wang
    • 1
  • Massimiliano Albanese
    • 2
  • Sushil Jajodia
    • 2
  1. 1.Concordia Institute for Information Systems Engineering (CIISE)Concordia UniversityMontrealCanada
  2. 2.Center for Secure Information SystemsGeorge Mason UniversityFairfaxUSA

Personalised recommendations