A Unified Framework for Measuring a Network's Mean Time-to-Compromise
暂无分享,去创建一个
William Nzoukou | Sushil Jajodia | Lingyu Wang | Anoop Singhal | S. Jajodia | A. Singhal | Lingyu Wang | William Nzoukou
[1] Xinming Ou,et al. A scalable approach to attack graph generation , 2006, CCS '06.
[2] John Hale,et al. A systematic approach to multi-stage network attack analysis , 2004, Second IEEE International Information Assurance Workshop, 2004. Proceedings..
[3] Miles A. McQueen,et al. Ideal Based Cyber Security Technical Metrics for Control Systems , 2007, CRITIS.
[4] Tomas Olovsson,et al. A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior , 1997, IEEE Trans. Software Eng..
[5] Wouter Joosen,et al. Towards a quantitative assessment of security in software architectures , 2008 .
[6] Ram Dantu,et al. Risk management using behavior based attack graphs , 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004..
[7] Richard Lippmann,et al. Modeling Modern Network Attacks and Countermeasures Using Attack Graphs , 2009, 2009 Annual Computer Security Applications Conference.
[8] Jeannette M. Wing,et al. A Formal Model for a System's Attack Surface , 2011, Moving Target Defense.
[9] Emden R. Gansner,et al. Graphviz - Open Source Graph Drawing Tools , 2001, GD.
[10] John Yen,et al. Cyber SA: Situational Awareness for Cyber Defense , 2010, Cyber Situational Awareness.
[11] Stefano Bistarelli,et al. Defense trees for economic evaluation of security investments , 2006, First International Conference on Availability, Reliability and Security (ARES'06).
[12] Jacques Labelle. Recueil de problèmes de probabilité avec solution , 2011 .
[13] Sushil Jajodia,et al. A weakest-adversary security metric for network configuration security analysis , 2006, QoP '06.
[14] Ram Dantu,et al. Risk Management Using Behavior Based Bayesian Networks , 2005, ISI.
[15] Samuel N. Hamilton,et al. The Role of Game Theory in Information Warfare , 2002 .
[16] May R. Chaffin,et al. Empirical Estimates and Observations of 0Day Vulnerabilities , 2009, 2009 42nd Hawaii International Conference on System Sciences.
[17] Sushil Jajodia,et al. Topological analysis of network attack vulnerability , 2006, PST.
[18] M. Al-Humaigani,et al. A model of return on investment for information systems security , 2003, 2003 46th Midwest Symposium on Circuits and Systems.
[19] Lingyu Wang,et al. Measuring Network Security Using Bayesian Network-Based Attack Graphs , 2008, 2008 32nd Annual IEEE International Computer Software and Applications Conference.
[20] Stuart E. Schechter,et al. Quantitatively Differentiating System Security , 2002 .
[21] Gregg Schudel,et al. Adversary work factor as a metric for information assurance , 2001, NSPW '00.
[22] Duminda Wijesekera,et al. Scalable, graph-based network vulnerability analysis , 2002, CCS '02.
[23] Rayford B. Vaughn,et al. Cluster Security Research Involving the Modeling of Network Exploitations Using Exploitation Graphs , 2006 .
[24] A. Nur Zincir-Heywood,et al. VEA-bility Security Metric: A Network Security Analysis Tool , 2008, 2008 Third International Conference on Availability, Reliability and Security.
[25] Frédéric Cuppens,et al. Alert correlation in a cooperative intrusion detection framework , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.
[26] 尚弘 島影. National Institute of Standards and Technologyにおける超伝導研究及び生活 , 2001 .
[27] Peng Ning,et al. Constructing attack scenarios through correlation of intrusion alerts , 2002, CCS '02.
[28] Yixian Yang,et al. An attack graph based network security evaluation model for hierarchical network , 2010, 2010 IEEE International Conference on Information Theory and Information Security.
[29] John D. Hunter,et al. Matplotlib: A 2D Graphics Environment , 2007, Computing in Science & Engineering.
[30] Laurent Gallon,et al. Vulnerability Discrimination Using CVSS Framework , 2011, 2011 4th IFIP International Conference on New Technologies, Mobility and Security.
[31] Cynthia A. Phillips,et al. A graph-based system for network-vulnerability analysis , 1998, NSPW '98.
[32] John A. Major. Advanced Techniques for Modeling Terrorism Risk , 2002 .
[33] Michael Howard,et al. Measuring Relative Attack Surfaces , 2005 .
[34] Muhammad Zubair Shafiq,et al. A large scale exploratory analysis of software vulnerability life cycles , 2012, 2012 34th International Conference on Software Engineering (ICSE).
[35] Karen A. Scarfone,et al. A Complete Guide to the Common Vulnerability Scoring System Version 2.0 | NIST , 2007 .
[36] Rodolphe Ortalo,et al. Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security , 1999, IEEE Trans. Software Eng..
[37] Somesh Jha,et al. Automated generation and analysis of attack graphs , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.
[38] Igor V. Kotenko,et al. Attacks Against Computer Network: Formal Grammar-Based Framework and Simulation Tool , 2002, RAID.
[39] William A. Wulf,et al. TOWARDS A FRAMEWORK FOR SECURITY MEASUREMENT , 1997 .
[40] Bharat K. Bhargava,et al. Extending Attack Graph-Based Security Metrics and Aggregating Their Application , 2012, IEEE Transactions on Dependable and Secure Computing.
[41] E SchechterStuart. Toward Econometric Models of the Security Risk from Remote Attack , 2005, S&P 2005.
[42] Edmund M. Clarke,et al. Ranking Attack Graphs , 2006, RAID.
[43] Ehab Al-Shaer,et al. Vulnerability analysis For evaluating quality of protection of security policies , 2006, QoP '06.
[44] Vincent Cheng-Siong Lee,et al. Estimating Potential IT Security Losses: An Alternative Quantitative Approach , 2006, IEEE Security & Privacy.
[45] Sushil Jajodia,et al. k-Zero Day Safety: Measuring the Security Risk of Networks against Unknown Attacks , 2010, ESORICS.
[46] Miles A. McQueen,et al. Time-to-Compromise Model for Cyber Risk Reduction Estimation , 2006, Quality of Protection.
[47] Ulf Lindqvist,et al. Modeling multistep cyber attacks for scenario recognition , 2003, Proceedings DARPA Information Survivability Conference and Exposition.
[48] Rayford B. Vaughn,et al. Cluster Security Research Involving the Modeling of Network Exploitations Using Exploitation Graphs , 2006, Sixth IEEE International Symposium on Cluster Computing and the Grid (CCGRID'06).
[49] Ehab Al-Shaer,et al. A Novel Quantitative Approach For Measuring Network Security , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.
[50] Sushil Jajodia,et al. An Attack Graph-Based Probabilistic Security Metric , 2008, DBSec.
[51] Miles McQueen,et al. Measuring the attack surfaces of two FTP daemons , 2006, QoP '06.
[52] David John Leversage,et al. Estimating a System's Mean Time-to-Compromise , 2008, IEEE Security & Privacy.
[53] Sushil Jajodia,et al. Measuring network security using dynamic bayesian network , 2008, QoP '08.
[54] Marc Dacier,et al. Models and tools for quantitative assessment of operational security , 1996, SEC.
[55] Mattia Monga,et al. Assessing the risk of using vulnerable components , 2006, Quality of Protection.
[56] Peng Liu,et al. Incentive-based modeling and inference of attacker intent, objectives, and strategies , 2003, CCS '03.
[57] Sacha Brostoff,et al. Transforming the ‘Weakest Link’ — a Human/Computer Interaction Approach to Usable and Effective Security , 2001 .
[58] Sushil Jajodia,et al. Toward measuring network security using attack graphs , 2007, QoP '07.
[59] Vicki M. Bier,et al. Game-Theoretic and Reliability Methods in Counterterrorism and Security , 2006 .
[60] Marc Dacier,et al. Quantitative Assessment of Operational Security: Models and Tools * , 1996 .
[61] Steven J. Templeton,et al. A requires/provides model for computer attacks , 2001, NSPW '00.
[62] J. Homer. A Sound and Practical Approach to Quantifying Security Risk in Enterprise Networks ∗ , 2009 .
[63] Michael M. May,et al. How much is enough? A risk management approach to computer security , 2000 .
[64] Kjell Hausken,et al. Protecting complex infrastructures against multiple strategic attackers , 2011, Int. J. Syst. Sci..
[65] Uriel G. Rothblum,et al. Nature plays with dice - terrorists do not: Allocating resources to counter strategic versus probabilistic risks , 2009, Eur. J. Oper. Res..
[66] Indrajit Ray,et al. Dynamic Security Risk Management Using Bayesian Attack Graphs , 2012, IEEE Transactions on Dependable and Secure Computing.
[67] William H. Sanders,et al. Model-based evaluation: from dependability to security , 2004, IEEE Transactions on Dependable and Secure Computing.
[68] Mathias Ekstedt,et al. Effort Estimates for Vulnerability Discovery Projects , 2012, 2012 45th Hawaii International Conference on System Sciences.
[69] Paul Ammann,et al. Using model checking to analyze network vulnerabilities , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.
[70] Karen Scarfone,et al. Common Vulnerability Scoring System , 2006, IEEE Security & Privacy.
[71] Frédéric Cuppens,et al. LAMBDA: A Language to Model a Database for Detection of Attacks , 2000, Recent Advances in Intrusion Detection.
[72] Tyler Moore,et al. The iterated weakest link , 2010, IEEE Security & Privacy.
[73] Sushil Jajodia,et al. Time-efficient and cost-effective network hardening using attack graphs , 2012, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012).
[74] Judea Pearl,et al. Bayesian Networks , 1998, Encyclopedia of Social Network Analysis and Mining. 2nd Ed..
[75] Andrew W. Appel,et al. MulVAL: A Logic-based Network Security Analyzer , 2005, USENIX Security Symposium.
[76] Jeannette M. Wing,et al. Game strategies in network security , 2005, International Journal of Information Security.
[77] Miles A. McQueen,et al. Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System , 2006, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06).
[78] Aric Hagberg,et al. Exploring Network Structure, Dynamics, and Function using NetworkX , 2008 .
[79] Mathias Ekstedt,et al. Empirical Analysis of System-Level Vulnerability Metrics through Actual Attacks , 2012, IEEE Transactions on Dependable and Secure Computing.
[80] A. Ozment,et al. Bug Auctions: Vulnerability Markets Reconsidered , 2004 .