Dynamic Security Risk Management Using Bayesian Attack Graphs

IEEE Transactions on Dependable and Secure Computing - Tập 9 Số 1 - Trang 61-74 - 2012
Nayot Poolsappasit1, Rinku Dewri2, Indrajit Ray3
1Dept. of Comput. Sci., Missouri Univ of Sci. & Technol., Rolla, MO, USA
2Department of Computer Science, University of Denver, Denver, CO, USA
3Department of Computer Science, Colorado State University, Fort Collins, CO, USA

Tóm tắt

Từ khóa


Tài liệu tham khảo

butler, 2002, Multi-Attribute Risk Assessment, Proc SREIS02 in Conjunction of 10th IEEE Int'l Requirements Eng Conf

10.1007/s10922-008-9109-x

10.1109/4235.996017

goldberg, 1989, Genetic Algorithms in Search Optimization and Machine Learning

ou, 2005, Mulval: A Logic-Based Network Security Analyzer, Proc 14th Conf USENIX Security Symp, 113

10.1016/j.comcom.2006.06.018

wang, 2007, Measuring the Overall Security of Network Configurations Using Attack Graphs, Proc 21st Ann IFIP WG 11 3 Working Conf Data and Application Security, 98, 10.1007/978-3-540-73538-0_9

10.1145/1455770.1455780

10.1109/JSAC.2009.090407

wang, 2008, An Attack Graph-Based Probabilistic Security Metric, Proc 22nd Ann IFIP WG 11 3 Working Conf Data and Applications Security, 283, 10.1007/978-3-540-70567-3_22

10.1109/COMPSAC.2008.88

10.1016/j.comcom.2006.04.001

ray, 2005, Using Attack Trees to Identify Malicious Attacks from Authorized Insiders, Proc 10th European Symp Research in Computer Security (ESORICS '05), 231

moore, 2001, Attack Modeling for Information Survivability

10.1016/0888-613X(95)00112-T

shawn a butler, 2002, Security Attribute Evaluation Method: A Cost-Benefit Approach, Proceedings of the 24th International Conference on Software Engineering ICSE 2002, 232, 10.1109/ICSE.2002.1007971

dawkins, 2002, Modeling Network Attacks: Extending the Attack Tree Paradigm, Proc Workshop Statistical Machine Learning Techniques in Computer Intrusion Detection

10.1109/DISCEX.2001.932182

10.1109/MITP.2004.89

10.1109/TEVC.2002.800880

10.1109/ISI.2007.379536

sheyner, 2002, Automated Generation and Analysis of Attack Graphs, Proc IEEE Symp Security and Privacy, 273

10.1002/sec.58

10.1145/310889.310919

10.1145/1456362.1456368

10.1109/CSFW.2002.1021806

xie, 2010, Using Bayesian Networks for Cyber Security Analysis, Proc 40th IEEE/IFIP Int'l Conf Dependable Systems and Networks

10.1145/586139.586140

dewri, 2007, Optimal Security Hardening Using Multi-Objective Optimization on Attack Tree Models of Networks, Proc 14th ACM Conf Computer and Comm Security, 204

10.1109/CSAC.2003.1254313

liu, 2005, Network Vulnerability Assessment Using Bayesian Networks, Proc SPIE, 5812, 61, 10.1117/12.604240

10.1109/ITCC.2004.1286496

berger, 2003, Data-Centric Quantitative Computer Security Risk Assessment

stoneburner, 2002, Risk Management Guide for Information Technology Systems, Proc Nat'l Inst of Standards and Technology (NIST) Special Publication, 800

lee, 2002, Toward Cost-Sensitive Modeling for Intrusion Detection and Response, J Computer Security, 10, 5, 10.3233/JCS-2002-101-202

schiffman, 2011, Common Vulnerability Scoring System (CVSS)

schneier, 1999, Attack Trees, Dr Dobb's J