DAG-based attack and defense modeling: Don't miss the forest for the attack trees

[1]  Sven M. Hallberg,et al.  Technology-supported Risk Estimation by Predictive Assessment of Socio-technical Security , 2016 .

[2]  M. E. Kabay,et al.  Writing Secure Code , 2015 .

[3]  Mariëlle Stoelinga,et al.  Fault tree analysis: A survey of the state-of-the-art in modeling, analysis and tools , 2014, Comput. Sci. Rev..

[4]  Tomaz Klobucar,et al.  Use of the Enhanced Structural Model for Attack Analysis and Education , 2015, Comprehensive Approach as "Sine Qua Non" for Critical Infrastructure Protection.

[5]  Ludovic Piètre-Cambacédès,et al.  Safety and Security Interactions Modeling Using the BDMP Formalism: Case Study of a Pipeline , 2014, SAFECOMP.

[6]  Barbara Kordy,et al.  A Probabilistic Framework for Security Scenarios with Dependent Actions , 2014, IFM.

[7]  Xiaolong Li,et al.  An attack-and-defence game for security assessment in vehicular ad hoc networks , 2014, Peer Peer Netw. Appl..

[8]  Flemming Nielson,et al.  Automated Generation of Attack Trees , 2014, 2014 IEEE 27th Computer Security Foundations Symposium.

[9]  Stéphane Paul Towards Automating the Construction & Maintenance of Attack Trees: a Feasibility Study , 2014, GraMSec.

[10]  Reza Pulungan,et al.  Time-Dependent Analysis of Attacks , 2014, POST.

[11]  William H. Sanders,et al.  Ieee Transactions on Parallel and Distributed Systems Rre: a Game-theoretic Intrusion Response and Recovery Engine , 2022 .

[12]  Hannes Holm,et al.  A Framework and Calculation Engine for Modeling and Predicting the Cyber Security of Enterprise Architectures , 2014 .

[13]  Barbara Kordy,et al.  Attack-defense trees , 2014, J. Log. Comput..

[14]  Nora Cuppens-Boulahia,et al.  Situation Calculus and Graph Based Defensive Modeling of Simultaneous Attacks , 2013, CSS.

[15]  Ahto Buldas,et al.  New Efficient Utility Upper Bounds for the Fully Adaptive Model of Attack Trees , 2013, GameSec.

[16]  William Nzoukou,et al.  A Unified Framework for Measuring a Network's Mean Time-to-Compromise , 2013, 2013 IEEE 32nd International Symposium on Reliable Distributed Systems.

[17]  Mathias Ekstedt,et al.  The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures , 2013, IEEE Systems Journal.

[18]  Barbara Kordy,et al.  ADTool: Security Analysis with Attack-Defense Trees , 2013, QEST.

[19]  Khurram Shahzad,et al.  P2AMF: Predictive, Probabilistic Architecture Modeling Framework , 2013, IWEI.

[20]  Bruce Schneier,et al.  DIGITAL SECURITY IN A NETWORKED WORLD , 2013 .

[21]  Masayuki Terada,et al.  Advances in Information and Computer Security , 2013, Lecture Notes in Computer Science.

[22]  Khurram Shahzad,et al.  The Enterprise Architecture Analysis Tool - Support for the Predictive, Probabilistic Architecture Modeling Framework , 2013, AMCIS.

[23]  Davor Svetinovic,et al.  Evaluating the effectiveness of the security quality requirements engineering (SQUARE) method: a case study using smart grid advanced metering infrastructure , 2012, Requirements Engineering.

[24]  Ryan T. Ostler Defensive Cyber Battle Damage Assessment through Attack Methodology Modeling , 2012 .

[25]  Alessandro Buoni,et al.  Fraud detection in the banking sector : a multi-agent approach , 2012 .

[26]  Ahto Buldas,et al.  Upper Bounds for Adversaries' Utility in Attack Trees , 2012, GameSec.

[27]  Barbara Kordy,et al.  Quantitative Questions on Attack-Defense Trees , 2012, ICISC.

[28]  Ralf Steinmetz,et al.  Protecting IEEE 802.11s wireless mesh networks against insider attacks , 2012, 37th Annual IEEE Conference on Local Computer Networks.

[29]  Ludovic Piètre-Cambacédès,et al.  Modeling the Stuxnet attack with BDMP: Towards more formal risk assessments , 2012, 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS).

[30]  Amel Mammar,et al.  An advanced approach for modeling and detecting software vulnerabilities , 2012, Inf. Softw. Technol..

[31]  Dong Seong Kim,et al.  Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees , 2012, Secur. Commun. Networks.

[32]  Dong Seong Kim,et al.  Scalable optimal countermeasure selection using implicit enumeration on attack countermeasure trees , 2012, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012).

[33]  Guttorm Sindre,et al.  Comparing Misuse Case and Mal-Activity Diagrams for Modelling Social Engineering Attacks , 2012, Int. J. Secur. Softw. Eng..

[34]  Alessandra Bagnato,et al.  Attribute Decoration of Attack-Defense Trees , 2012, Int. J. Secur. Softw. Eng..

[35]  Indrajit Ray,et al.  Optimal security hardening on attack tree models of networks: a cost-benefit analysis , 2012, International Journal of Information Security.

[36]  Nan Feng,et al.  A Bayesian networks-based security risk analysis model for information systems integrating the observed cases with expert experience , 2012 .

[37]  Teodor Sommestad,et al.  A framework and theory for cyber security assessments , 2012 .

[38]  Chengli Zhao,et al.  Quantitative Analysis of Survivability Based on Intrusion Scenarios , 2012 .

[39]  Mario Fedrizzi,et al.  Consensual Dynamics and Choquet Integral in an Attack Tree-based Fraud Detection System , 2012, ICAART.

[40]  Shivani Mishra,et al.  Multi Tree View of Complex Attack - Stuxnet , 2012, ACITY.

[41]  Security of mobile TAN on smartphones A risk analysis for the iOS and Android smartphone platforms , 2012 .

[42]  B. Miller,et al.  Automating Threat Modeling through the Software Development Life-Cycle , 2012 .

[43]  Indrajit Ray,et al.  Dynamic Security Risk Management Using Bayesian Attack Graphs , 2012, IEEE Transactions on Dependable and Secure Computing.

[44]  Chris W. Johnson Using Assurance Cases and Boolean Logic Driven Markov Processes to Formalise Cyber Security Concerns for Safety-Critical Interaction with Global Navigation Satellite Systems , 2011, Electron. Commun. Eur. Assoc. Softw. Sci. Technol..

[45]  Ana R. Cavalli,et al.  A model-based attack injection approach for security validation , 2011, SIN '11.

[46]  Wei-min Li,et al.  Space Based Information System Security Risk Evaluation Based on Improved Attack Trees , 2011, 2011 Third International Conference on Multimedia Information Networking and Security.

[47]  József Mezei,et al.  Combining attack trees and fuzzy numbers in a multi-agent approach to fraud detection , 2011, Int. J. Electron. Bus..

[48]  Yuji Yamaoka,et al.  Threat Tree Templates to Ease Difficulties in Threat Modeling , 2011, 2011 14th International Conference on Network-Based Information Systems.

[49]  S. Giove,et al.  Modelling fraud detection by attack trees and Choquet integral , 2011 .

[50]  David L. Dill,et al.  Applying a Reusable Election Threat Model at the County Level , 2011, EVT/WOTE.

[51]  Raphael C.-W. Phan,et al.  Attribution of attack trees , 2011, Comput. Electr. Eng..

[52]  William H. Sanders,et al.  Managing business health in the presence of malicious attacks , 2011, 2011 IEEE/IFIP 41st International Conference on Dependable Systems and Networks Workshops (DSN-W).

[53]  Barbara Kordy,et al.  Computational Aspects of Attack-Defense Trees , 2011, SIIS.

[54]  Marc Pouly,et al.  Generic Inference: A Unifying Theory for Automated Reasoning , 2011 .

[55]  Theodore W. Manikas,et al.  Using Multiple-Valued Logic Decision Diagrams to Model System Threat Probabilities , 2011, 2011 41st IEEE International Symposium on Multiple-Valued Logic.

[56]  Marc Bouissou,et al.  Security Modeling with BDMP: From Theory to Implementation , 2011, 2011 Conference on Network and Information Systems Security.

[57]  Jeannette M. Wing,et al.  An Attack Surface Metric , 2011, IEEE Transactions on Software Engineering.

[58]  Erik M. Ferragut,et al.  Modeling cyber conflicts using an extended Petri Net formalism , 2011, 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS).

[59]  Min-Woo Park,et al.  A framework of defense system for prevention of insider's malicious behaviors , 2011, 13th International Conference on Advanced Communication Technology (ICACT2011).

[60]  David J. Parish,et al.  Unified P arametrizable Attack Tree , 2011 .

[61]  Jason R. Nielsen,et al.  Evaluating Information Assurance Control Effectiveness on an Air Force Supervisory Control and Data Acquisition (SCADA) System , 2011 .

[62]  Saman Zonouz,et al.  Game-theoretic intrusion response and recovery , 2011 .

[63]  Jie Wang,et al.  Unified Parametrizable Attack Tree , 2011 .

[64]  K C Sameer,et al.  Attack Generation From System Models , 2011 .

[65]  Dianxiang Xu,et al.  Security Analysis of FileZilla Server Using Threat Models , 2011, SEKE.

[66]  M. Warren,et al.  Attack vectors against social networking systems: the Facebook example , 2011, AISM 2011.

[67]  Raphael C.-W. Phan,et al.  Quality of detectability (QoD) and QoD-aware AAT-based attack detection , 2010, 2010 International Conference for Internet Technology and Secured Transactions.

[68]  Dmitry Podkuiko,et al.  Multi-vendor penetration testing in the advanced metering infrastructure , 2010, ACSAC '10.

[69]  Margus Niitsoo Optimal Adversary Behavior for the Serial Model of Financial Attack Trees , 2010, IWSEC.

[70]  Ludovic Piètre-Cambacédès,et al.  Modeling safety and security interdependencies with BDMP (Boolean logic Driven Markov Processes) , 2010, 2010 IEEE International Conference on Systems, Man and Cybernetics.

[71]  Andreas L. Opdahl,et al.  Comparing Two Techniques for Intrusion Visualization , 2010, PoEM.

[72]  Ludovic Pietre-Cambacedes Des relations entre sûreté et sécurité , 2010 .

[73]  Parosh Aziz Abdulla,et al.  Analyzing the Security in the GSM Radio Network Using Attack Jungles , 2010, ISoLA.

[74]  Alessandro Buoni Fraud Detection: From Basic Techniques to a Multi-Agent Approach , 2010, 2010 International Conference on Management and Service Science.

[75]  Barbara Kordy,et al.  Foundations of Attack-Defense Trees , 2010, Formal Aspects in Security and Trust.

[76]  Ludovic Piètre-Cambacédès,et al.  Attack and Defense Modeling with BDMP , 2010, MMM-ACNS.

[77]  Frank Elberzhager,et al.  Systematic Construction of Goal Indicator Trees for Indicator-Based Dependability Inspections , 2010, 2010 36th EUROMICRO Conference on Software Engineering and Advanced Applications.

[78]  Mathias Ekstedt,et al.  A probabilistic relational model for security risk analysis , 2010, Comput. Secur..

[79]  Siv Hilde Houmb,et al.  Quantifying security risk level from CVSS estimates of frequency and impact , 2010, J. Syst. Softw..

[80]  Peng Liu,et al.  Using Bayesian networks for cyber security analysis , 2010, 2010 IEEE/IFIP International Conference on Dependable Systems & Networks (DSN).

[81]  Sushil Jajodia,et al.  Measuring Security Risk of Networks Using Attack Graphs , 2010, Int. J. Next Gener. Comput..

[82]  G. Manimaran,et al.  Cybersecurity for Critical Infrastructures: Attack and Defense Modeling , 2010, IEEE Transactions on Systems, Man, and Cybernetics - Part A: Systems and Humans.

[83]  Andreas L. Opdahl,et al.  Visualizing Cyber Attacks with Misuse Case Maps , 2010, REFSQ.

[84]  Raphael C.-W. Phan,et al.  Augmented Attack Tree Modeling of Distributed Denial of Services and Tree Based Attack Detection Method , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[85]  Kai Petersen,et al.  Prioritizing Countermeasures through the Countermeasure Method for Software Security (CM-Sec) , 2010, PROFES.

[86]  Jan Willemson,et al.  Efficient Semantics of Parallel and Serial Models of Attack Trees. Ründepuude paralleel- jajadamudelite efektiivsed semantikad , 2010 .

[87]  Barbara Kordy,et al.  Attack-Defense Trees and Two-Player Binary Zero-Sum Extensive Form Games Are Equivalent , 2010, GameSec.

[88]  Markus Buschle,et al.  A Tool for Enterprise Architecture Analysis using the PRM formalism , 2010, CAiSE Forum.

[89]  Tai-hoon Kim,et al.  Improving SCADA control systems security with software vulnerability analysis , 2010 .

[90]  Jan Willemson,et al.  On Fast and Approximate Attack Tree Computations , 2010, ISPEC.

[91]  Nahid Shahmehri,et al.  Unified modeling of attacks, vulnerabilities and security activities , 2010, SESS '10.

[92]  Ludovic Piètre-Cambacédès,et al.  Beyond Attack Trees: Dynamic Security Modeling with Boolean Logic Driven Markov Processes (BDMP) , 2010, 2010 European Dependable Computing Conference.

[93]  Dong Seong Kim,et al.  Cyber security analysis using attack countermeasure trees , 2010, CSIIRW '10.

[94]  Raphael C.-W. Phan,et al.  Augmented attack tree modeling of SQL injection attacks , 2010, 2010 2nd IEEE International Conference on Information Management and Engineering.

[95]  S. Nair,et al.  Cyber threat trees for large system threat cataloging and analysis , 2010, 2010 IEEE International Systems Conference.

[96]  John A. Sokolowski,et al.  Probabilistic Risk Analysis and Terrorism Risk , 2010, Risk analysis : an official publication of the Society for Risk Analysis.

[97]  Frank Elberzhager,et al.  Practical Experience Gained from Modeling Security Goals: Using SGITs in an Industrial Project , 2010, 2010 International Conference on Availability, Reliability and Security.

[98]  Inger Anne Tøndel,et al.  Combining Misuse Cases with Attack Trees and Security Activity Models , 2010, 2010 International Conference on Availability, Reliability and Security.

[99]  Dong Seong Kim,et al.  ACT: Attack Countermeasure Trees for Information Assurance Analysis , 2010, 2010 INFOCOM IEEE Conference on Computer Communications Workshops.

[100]  Robert F. Mills,et al.  Analysing security risks in computer and Radio Frequency Identification (RFID) networks using attack and protection trees , 2010, Int. J. Secur. Networks.

[101]  Inger Anne Tøndel,et al.  Idea: Reusability of Threat Models - Two Approaches with an Experimental Evaluation , 2010, ESSoS.

[102]  Arpan Roy,et al.  Attack Countermeasure Trees: A Non-state-space Approach Towards Analyzing Security and Finding Optimal Countermeasure Sets , 2010 .

[103]  Patrick Harrington,et al.  Using noncooperative potential games to improve network security , 2010 .

[104]  Johnnes Arreymbi,et al.  An examination of the security implications of the supervisory control and data acquisition (SCADA) system in a mobile networked environment: An augmented vulnerability tree approach. , 2010 .

[105]  Andreas L. Opdahl,et al.  Towards a Hacker Attack Representation Method , 2010, ICSOFT.

[106]  Ryoichi Sasaki,et al.  Advances in Information and Computer Security , 2010, Lecture Notes in Computer Science.

[107]  Jan Willemson,et al.  Serial Model for Attack Tree Computations , 2009, ICISC.

[108]  G. Manimaran,et al.  PENET: A practical method and tool for integrated modeling of security attacks and countermeasures , 2009, Comput. Secur..

[109]  Ludovic Apvrille,et al.  Security requirements for automotive on-board networks , 2009, 2009 9th International Conference on Intelligent Transport Systems Telecommunications, (ITST).

[110]  Dmitry Podkuiko,et al.  Energy Theft in the Advanced Metering Infrastructure , 2009, CRITIS.

[111]  L. Nordstrom,et al.  Modeling Security of Power Communication Systems Using Defense Graphs and Influence Diagrams , 2009, IEEE Transactions on Power Delivery.

[112]  Igor Nai Fovino,et al.  Integrating cyber attacks within fault trees , 2009, Reliab. Eng. Syst. Saf..

[113]  Pavol Zavarsky,et al.  Threat Modeling for CSRF Attacks , 2009, 2009 International Conference on Computational Science and Engineering.

[114]  Ana R. Cavalli,et al.  Security Protocol Testing Using Attack Trees , 2009, 2009 International Conference on Computational Science and Engineering.

[115]  Marco Scutari,et al.  Learning Bayesian Networks with the bnlearn R Package , 2009, 0908.3817.

[116]  Ran Liu,et al.  Threat modeling-oriented attack path evaluating algorithm , 2009 .

[117]  Dianxiang Xu,et al.  Security test generation using threat trees , 2009, 2009 ICSE Workshop on Automation of Software Test.

[118]  Parvaiz Ahmed Khand System level security modeling using attack trees , 2009, 2009 2nd International Conference on Computer, Control and Communication.

[119]  Andreas L. Opdahl,et al.  Experimental comparison of attack trees and misuse cases for security threat identification , 2009, Inf. Softw. Technol..

[120]  Patrik Berander,et al.  Evaluating two ways of calculating priorities in requirements hierarchies - An experiment on hierarchical cumulative voting , 2009, J. Syst. Softw..

[121]  Kishor S. Trivedi,et al.  SHARPE at the age of twenty two , 2009, PERV.

[122]  Mathias Ekstedt,et al.  Enterprise architecture models for cyber security analysis , 2009, 2009 IEEE/PES Power Systems Conference and Exposition.

[123]  Sushil Jajodia,et al.  Advances in Topological Vulnerability Analysis , 2009, 2009 Cybersecurity Applications & Technology Conference for Homeland Security.

[124]  Mathias Ekstedt,et al.  Data Collection Prioritization for System Quality Analysis , 2009, Electron. Notes Theor. Comput. Sci..

[125]  M. Ekstedt,et al.  Cyber Security Risks Assessment with Bayesian Defense Graphs and Architectural Models , 2009, 2009 42nd Hawaii International Conference on System Sciences.

[126]  M. Bouissou,et al.  The promising potential of the BDMP formalism for security modeling , 2009 .

[127]  Ram Dantu,et al.  Network risk management using attacker profiling , 2009, Secur. Commun. Networks.

[128]  Zhu Ning,et al.  Design and Application of Penetration Attack Tree Model Oriented to Attack Resistance Test , 2008, 2008 International Conference on Computer Science and Software Engineering.

[129]  Marek Jawurek,et al.  Security Goal Indicator Trees: A Model of Software Features that Supports Efficient Security Inspection , 2008, 2008 11th IEEE High Assurance Systems Engineering Symposium.

[130]  Mathias Ekstedt,et al.  Defense Graphs and Enterprise Architecture for Information Assurance Analysis , 2008 .

[131]  Sandip C. Patel,et al.  Quantitatively assessing the vulnerability of critical information systems: A new method for evaluating security enhancements , 2008, Int. J. Inf. Manag..

[132]  Jan Willemson,et al.  Computing Exact Outcomes of Multi-parameter Attack Trees , 2008, OTM Conferences.

[133]  Stephen Tyree,et al.  Strata-Gem: risk assessment through mission modeling , 2008, QoP '08.

[134]  Sushil Jajodia,et al.  Measuring network security using dynamic bayesian network , 2008, QoP '08.

[135]  Hein S. Venter,et al.  Towards Privacy Taxonomy-Based Attack Tree Analysis for the Protection of Consumer Information Privacy , 2008, 2008 Sixth Annual Conference on Privacy, Security and Trust.

[136]  Mathias Ekstedt,et al.  Combining Defense Graphs and Enterprise Architecture Models for Security Analysis , 2008, 2008 12th International IEEE Enterprise Distributed Object Computing Conference.

[137]  Xinming Ou,et al.  Improving Attack Graph Visualization through Data Reduction and Attack Grouping , 2008, VizSEC.

[138]  Maybin K. Muyeba,et al.  Threat Modeling Revisited: Improving Expressiveness of Attack , 2008, 2008 Second UKSIM European Symposium on Computer Modeling and Simulation.

[139]  Brajendra Panda,et al.  A Knowledge-Based Bayesian Model for Analyzing a System after an Insider Attack , 2008, SEC.

[140]  Jayanta K. Ghosh,et al.  Bayesian Networks and Decision Graphs, 2nd Edition by Finn V. Jensen, Thomas D. Nielsen , 2008 .

[141]  Lars Grunske,et al.  Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles , 2008, J. Syst. Softw..

[142]  Lingyu Wang,et al.  Measuring Network Security Using Bayesian Network-Based Attack Graphs , 2008, 2008 32nd Annual IEEE International Computer Software and Applications Conference.

[143]  Sushil Jajodia,et al.  An Attack Graph-Based Probabilistic Security Metric , 2008, DBSec.

[144]  S. Bhattacharya,et al.  A Vulnerability and Exploit Independent Approach for Attack Path Prediction , 2008, 2008 IEEE 8th International Conference on Computer and Information Technology Workshops.

[145]  Seok-Won Lee,et al.  Proceedings of the fourth international workshop on Software engineering for secure systems , 2008, ICSE 2008.

[146]  Till Dörges,et al.  From security patterns to implementation using petri nets , 2008, SESS '08.

[147]  Vamsi Paruchuri,et al.  Threat modeling using attack trees , 2008 .

[148]  Nahid Shahmehri,et al.  A Cause-Based Approach to Preventing Software Vulnerabilities , 2008, 2008 Third International Conference on Availability, Reliability and Security.

[149]  Irina Trubitsyna,et al.  Analyzing Security Scenarios Using Defence Trees and Answer Set Programming , 2008, Electron. Notes Theor. Comput. Sci..

[150]  Wang Hui,et al.  An improved model of attack probability prediction system , 2008, Wuhan University Journal of Natural Sciences.

[151]  G. Park,et al.  Cyber Security Analysis by Attack Trees for a Reactor Protection System , 2008 .

[152]  David John Leversage,et al.  Estimating a System's Mean Time-to-Compromise , 2008, IEEE Security & Privacy.

[153]  Per Håkon Meland,et al.  SeaMonster: Providing tool support for security modeling , 2008 .

[154]  Jan Willemson,et al.  Processing Multi-parameter Attacktrees with Estimated Parameter Values , 2007, IWSEC.

[155]  Ahto Buldas,et al.  Practical Security Analysis of E-Voting Systems , 2007, IWSEC.

[156]  Sushil Jajodia,et al.  Toward measuring network security using attack graphs , 2007, QoP '07.

[157]  Indrajit Ray,et al.  Optimal security hardening using multi-objective optimization on attack tree models of networks , 2007, CCS '07.

[158]  Erik Johansson,et al.  A Tool for Enterprise Architecture Analysis , 2007, 11th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2007).

[159]  David John Leversage,et al.  Comparing Electronic Battlefields: Using Mean Time-To-Compromise as a Comparative Security Metric , 2007 .

[160]  Bülent Yener,et al.  Modeling and detection of complex attacks , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[161]  Sushil Jajodia,et al.  Measuring the Overall Security of Network Configurations Using Attack Graphs , 2007, DBSec.

[162]  Robert Lagerström,et al.  Enterprise architecture analysis with extended influence diagrams , 2007, Inf. Syst. Frontiers.

[163]  Chen-Ching Liu,et al.  Vulnerability Assessment of Cybersecurity for SCADA Systems Using Attack Trees , 2007, 2007 IEEE Power Engineering Society General Meeting.

[164]  Guttorm Sindre,et al.  Mal-Activity Diagrams for Capturing Attacks on Business Processes , 2007, REFSQ.

[165]  Ram Dantu,et al.  Classification of Attributes and Behavior in Risk Management Using Bayesian Networks , 2007, 2007 IEEE Intelligence and Security Informatics.

[166]  Nahid Shahmehri,et al.  Design of a Process for Software Security , 2007, The Second International Conference on Availability, Reliability and Security (ARES'07).

[167]  Eugene H. Spafford,et al.  Automated adaptive intrusion containment in systems of interacting services , 2007, Comput. Networks.

[168]  Sushil Jajodia Topological analysis of network attack vulnerability , 2007, ASIACCS '07.

[169]  Indrajit Ray,et al.  Investigating Computer Attacks Using Attack Trees , 2007, IFIP Int. Conf. Digital Forensics.

[170]  Michael R. Grimaila,et al.  The Use of Attack and Protection Trees to Analyze Security for an Online Banking System , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[171]  Richard A. Raines,et al.  A framework for analyzing and mitigating the vulnerabilities of complex systems via attack and protection trees , 2007 .

[172]  M. Bouissou A Generalization of Dynamic Fault Trees through Boolean logic Driven Markov Processes (BDMP)® , 2007 .

[173]  Jan Trobitius,et al.  Anwendung der "Common Criteria for Information Technology Security Evaluation" (CC) / ISO 15408 auf ein SOA Registry-Repository , 2007, Informatiktage.

[174]  Kai Rannenberg,et al.  Advances in Information and Computer Security, Second International Workshop on Security, IWSEC 2007, Nara, Japan, October 29-31, 2007, Proceedings , 2007, IWSEC.

[175]  Jeanne H. Espedalen Attack Trees Describing Security in Distributed Internet-Enabled Metrology , 2007 .

[176]  Nicolas Chaufette,et al.  Vulnerability Cause Graphs : A Case of Study , 2007 .

[177]  Robert Lagerström,et al.  Extended Influence Diagram Generation , 2007, IESA.

[178]  Ida Hogganvik,et al.  A Graphical Approach to Security Risk Analysis , 2007 .

[179]  Richard Lippmann,et al.  An Interactive Attack Graph Cascade and Reachability Display , 2007, VizSEC.

[180]  Richard E. Neapolitan,et al.  Learning Bayesian networks , 2007, KDD '07.

[181]  Xia Wang,et al.  Software fault tree and coloured Petri net-based specification, design and implementation of agent-based intrusion detection systems , 2007, Int. J. Inf. Comput. Secur..

[182]  Richard Lippmann,et al.  Practical Attack Graph Generation for Network Defense , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[183]  Karen Scarfone,et al.  Common Vulnerability Scoring System , 2006, IEEE Security & Privacy.

[184]  Sushil Jajodia,et al.  Minimum-cost network hardening using attack graphs , 2006, Comput. Commun..

[185]  Sushil Jajodia,et al.  Topological analysis of network attack vulnerability , 2006, PST.

[186]  Xinming Ou,et al.  A scalable approach to attack graph generation , 2006, CCS '06.

[187]  R.F. Mills,et al.  Using Attack and Protection Trees to Analyze Threats and Defenses to Homeland Security , 2006, MILCOM 2006 - 2006 IEEE Military Communications conference.

[188]  Ronald R. Yager OWA trees and their role in security modeling using attack trees , 2006, Inf. Sci..

[189]  Nahid Shahmehri,et al.  Modeling Software VulnerabilitiesWith Vulnerability Cause Graphs , 2006, 2006 22nd IEEE International Conference on Software Maintenance.

[190]  Edmund M. Clarke,et al.  Ranking Attack Graphs , 2006, RAID.

[191]  Jan Willemson,et al.  Rational Choice of Security Measures Via Multi-parameter Attack Trees , 2006, CRITIS.

[192]  Stefano Bistarelli,et al.  Strategic Games on Defense Trees , 2006, Formal Aspects in Security and Trust.

[193]  Nick Cercone,et al.  Privacy intrusion detection using dynamic Bayesian networks , 2006, ICEC '06.

[194]  Sushil Jajodia,et al.  Interactive Analysis of Attack Graphs Using Relational Queries , 2006, DBSec.

[195]  R.F. Mills,et al.  Analyzing Attack Trees using Generalized Stochastic Petri Nets , 2006, 2006 IEEE Information Assurance Workshop.

[196]  Nahid Shahmehri,et al.  Towards a structured unified process for software security , 2006, SESS '06.

[197]  Stefano Bistarelli,et al.  Defense trees for economic evaluation of security investments , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[198]  Dianxiang Xu,et al.  Threat-driven modeling and verification of secure software using aspect-oriented Petri nets , 2006, IEEE Transactions on Software Engineering.

[199]  Miles A. McQueen,et al.  Quantitative Cyber Risk Reduction Estimation Methodology for a Small SCADA Control System , 2006, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06).

[200]  Igor Kotenko,et al.  Analyzing Network Security using Malefactor Action Graphs , 2006 .

[201]  Miles A. McQueen,et al.  Time-to-Compromise Model for Cyber Risk Reduction Estimation , 2006, Quality of Protection.

[202]  Bülent Yener,et al.  A formal method for attack modelling and detection , 2006 .

[203]  Susan Elliott Sim,et al.  A Comparative Evaluation of Three Approaches to Specifying Security Requirements , 2006 .

[204]  Lillian. Rostad An extended misuse case notation: Including vulnerabilities and the insider threat , 2006 .

[205]  Pieter H. Hartel,et al.  VISPER: The VIrtual Security PERimeter for digital, physical, and organisational security , 2006 .

[206]  Sjouke Mauw,et al.  Foundations of Attack Trees , 2005, ICISC.

[207]  Sushil Jajodia,et al.  Multiple coordinated views for network attack graphs , 2005, IEEE Workshop on Visualization for Computer Security, 2005. (VizSEC 05)..

[208]  Xinyu Wang,et al.  Survivability analysis of distributed systems using attack tree methodology , 2005, MILCOM 2005 - 2005 IEEE Military Communications Conference.

[209]  Indrajit Ray,et al.  Using Attack Trees to Identify Malicious Attacks from Authorized Insiders , 2005, ESORICS.

[210]  Andrew W. Appel,et al.  MulVAL: A Logic-based Network Security Analyzer , 2005, USENIX Security Symposium.

[211]  Eugene H. Spafford,et al.  ADEPTS: adaptive intrusion response using attack graphs in an e-commerce environment , 2005, 2005 International Conference on Dependable Systems and Networks (DSN'05).

[212]  Jaideep Srivastava,et al.  Managing Cyber Threats: Issues, Approaches, and Challenges (Massive Computing) , 2005 .

[213]  Ram Dantu,et al.  Risk Management Using Behavior Based Bayesian Networks , 2005, ISI.

[214]  Nancy R. Mead,et al.  Security quality requirements engineering (SQUARE) methodology , 2005, SESS@ICSE.

[215]  Richard P. Lippmann,et al.  An Annotated Review of Past Papers on Attack Graphs , 2005 .

[216]  Yu Liu,et al.  Network vulnerability assessment using Bayesian networks , 2005, SPIE Defense + Commercial Sensing.

[217]  Gregory S. Parnell,et al.  Mission Oriented Risk and Design Analysis of Critical Information Systems , 2005 .

[218]  Kaarina Karppinen,et al.  Security Measurement based on Attack Trees in a Mobile Ad Hoc Network Environment: Master's thesis , 2005 .

[219]  Amer Aijaz,et al.  Attacks on Inter Vehicle Communication Systems-an Analysis , 2005 .

[220]  Wenke Lee,et al.  Attack plan recognition and prediction using causal networks , 2004, 20th Annual Computer Security Applications Conference.

[221]  Juanjo Unzilla,et al.  Application of 'Attack Trees' Technique to Copyright Protection Protocols Using Watermarking and Definition of a New Transactions Protocol SecDP (Secure Distribution Protocol) , 2004, MIPS.

[222]  Shelby Evans,et al.  Risk-based Systems Security Engineering: Stopping Attacks with Intention , 2004, IEEE Secur. Priv..

[223]  Sushil Jajodia,et al.  Managing attack graph complexity through visual hierarchical aggregation , 2004, VizSEC/DMSEC '04.

[224]  K. Clark,et al.  Qualitative and quantitative analytical techniques for network security assessment , 2004, Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004..

[225]  Axel van Lamsweerde,et al.  Elaborating security requirements by construction of intentional anti-models , 2004, Proceedings. 26th International Conference on Software Engineering.

[226]  John Hale,et al.  A systematic approach to multi-stage network attack analysis , 2004, Second IEEE International Information Assurance Workshop, 2004. Proceedings..

[227]  Ram Dantu,et al.  Risk management using behavior based attack graphs , 2004, International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004..

[228]  Andreas L. Opdahl,et al.  Eliciting security requirements with misuse cases , 2004, Requirements Engineering.

[229]  Michael D. Smith,et al.  Computer security strength and risk: a quantitative approach , 2004 .

[230]  E. Byres,et al.  The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems , 2004 .

[231]  Frank Swiderski,et al.  Threat Modeling , 2018, Hacking Connected Cars.

[232]  Jeannette M. Wing,et al.  Scenario graphs and attack graphs , 2004 .

[233]  A. Karimi,et al.  Master‟s thesis , 2011 .

[234]  Sushil Jajodia,et al.  Efficient minimum-cost network hardening via exploit dependency graphs , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[235]  Saurabh Bagchi,et al.  Collaborative intrusion detection system (CIDS): a framework for accurate and efficient IDS , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[236]  Marc Bouissou,et al.  A new formalism that combines advantages of fault-trees and Markov models: Boolean logic driven Markov processes , 2003, Reliab. Eng. Syst. Saf..

[237]  Murtuza Jadliwala,et al.  Representation and analysis of coordinated attacks , 2003, FMSE '03.

[238]  Sean Convery,et al.  An Attack Tree for the Border Gateway Protocol , 2003 .

[239]  Richard F. Paige,et al.  Fault trees for security system design and analysis , 2003, Comput. Secur..

[240]  D. Pinto Secrets and Lies: Digital Security in a Networked World , 2003 .

[241]  S. Vidalis,et al.  Using Vulnerability Trees for Decision Making in Threat Assessment , 2003 .

[242]  S. Bagchi,et al.  ADEPTS : Adaptive Intrusion Containment and Response using Attack Graphs in an E-Commerce Environment , 2003 .

[243]  Cnrs Fre,et al.  A new formalism that combines advantages of fault-trees and Markov models: Boolean logic Driven Markov Processes , 2003 .

[244]  Axel van Lamsweerde,et al.  From system goals to intruder anti-goals: attack generation and resolution for security requirements engineering , 2003 .

[245]  Ian F. Alexander,et al.  Misuse Cases: Use Cases with Hostile Intent , 2003, IEEE Softw..

[246]  Donald Firesmith,et al.  Security Use Cases , 2003, J. Object Technol..

[247]  Jerald Dawkins,et al.  A structural framework for modeling multi-stage network attacks , 2002, Proceedings. International Conference on Parallel Processing Workshop.

[248]  Vasant Honavar,et al.  A Software Fault Tree Approach to Requirements Analysis of an Intrusion Detection System , 2002, Requirements Engineering.

[249]  Duminda Wijesekera,et al.  Scalable, graph-based network vulnerability analysis , 2002, CCS '02.

[250]  Andreas L. Opdahl,et al.  Generalization/specialization as a structuring mechanism for misuse cases , 2002 .

[251]  Somesh Jha,et al.  Automated generation and analysis of attack graphs , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[252]  Markus Schumacher,et al.  Collaborative attack modeling , 2002, SAC '02.

[253]  Makis Stamatelatos,et al.  Fault tree handbook with aerospace applications , 2002 .

[254]  Nathalie Louise Foster,et al.  The application of software and safety engineering techniques to security protocol development , 2002 .

[255]  Andrew P. Moore,et al.  Foundations for Survivable System Development: Service Traces, Intrusion Traces, and Evaluation Models , 2001 .

[256]  Cynthia A. Phillips,et al.  Computer-attack graph generation tool , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[257]  Andrew P. Moore,et al.  Attack Modeling for Information Security and Survivability , 2001 .

[258]  James P. McDermott,et al.  Attack net penetration testing , 2001, NSPW '00.

[259]  Zhou Hai,et al.  Software for fault tree analysis , 2001 .

[260]  Finn V. Jensen,et al.  Bayesian Networks and Decision Graphs , 2001, Statistics for Engineering and Information Science.

[261]  Andreas L. Opdahl,et al.  Templates for Misuse Case Description , 2001 .

[262]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[263]  Axel van Lamsweerde,et al.  Handling Obstacles in Goal-Oriented Requirements Engineering , 2000, IEEE Trans. Software Eng..

[264]  David Coppit,et al.  Developing a low-cost high-quality software tool for dynamic fault-tree analysis , 2000, IEEE Trans. Reliab..

[265]  Bruce Schneier,et al.  Secrets and Lies: Digital Security in a Networked World , 2000 .

[266]  John P. McDermott,et al.  Using abuse case models for security requirements analysis , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[267]  Lise Getoor,et al.  Learning Probabilistic Relational Models , 1999, IJCAI.

[268]  David John Pumfrey,et al.  The principled design of computer system safety analyses , 1999 .

[269]  Bruce Schneier,et al.  Toward a secure system engineering methodolgy , 1998, NSPW '98.

[270]  William A. Wulf,et al.  Practical computer security analysis , 1998 .

[271]  William A. Wulf,et al.  A practical approach to security assessment , 1998, NSPW '97.

[272]  Cynthia A. Phillips,et al.  A graph-based system for network-vulnerability analysis , 1998, NSPW '98.

[273]  Ira S. Moskowitz,et al.  An insecurity flow model , 1998, NSPW '97.

[274]  Marc Dacier,et al.  Models and tools for quantitative assessment of operational security , 1996, SEC.

[275]  Catherine A. Meadows,et al.  A representation of protocol attacks for risk assessment , 1996, Network Threats.

[276]  Peter Neumann,et al.  Safeware: System Safety and Computers , 1995, SOEN.

[277]  大西 仁,et al.  Pearl, J. (1988, second printing 1991). Probabilistic Reasoning in Intelligent Systems: Networks of Plausible Inference. Morgan-Kaufmann. , 1994 .

[278]  Marc Dacier,et al.  Privilege Graph: an Extension to the Typed Access Matrix Model , 1994, ESORICS.

[279]  Marc Dacier Vers une évaluation quantitative de la sécurité informatique. (Towards a quantitative evaluation of computer security) , 1994 .

[280]  Eugene H. Spafford,et al.  A PATTERN MATCHING MODEL FOR MISUSE INTRUSION DETECTION , 1994 .

[281]  Edward G. Amoroso,et al.  Fundamentals of computer security technology , 1994 .

[282]  R. Reiter,et al.  Temporal reasoning in the situation calculus , 1994 .

[283]  Hans L. Bodlaender,et al.  A linear time algorithm for finding tree-decompositions of small treewidth , 1993, STOC.

[284]  Alok Aggarwal,et al.  Proceedings of the twenty-fifth annual ACM symposium on Theory of Computing , 1992, STOC.

[285]  Salvatore J. Bavuso,et al.  Dynamic fault-tree models for fault-tolerant computer systems , 1992 .

[286]  Salvatore J. Bavuso,et al.  Fault trees and sequence dependencies , 1990, Annual Proceedings on Reliability and Maintainability Symposium.

[287]  Judea Pearl,et al.  Probabilistic reasoning in intelligent systems - networks of plausible inference , 1991, Morgan Kaufmann series in representation and reasoning.

[288]  W E Vesely,et al.  Fault Tree Handbook , 1987 .

[289]  Judea Pearl,et al.  Fusion, Propagation, and Structuring in Belief Networks , 1986, Artif. Intell..

[290]  Stefan Arnborg,et al.  Efficient algorithms for combinatorial problems on graphs with bounded decomposability — A survey , 1985, BIT.

[291]  Stefan Arnborg,et al.  Efficient Algorithms for Combinatorial Problems with Bounded Decomposability - A Survey. , 1985 .

[292]  W W Daniel,et al.  An introduction to decision analysis. , 1978, The Journal of nursing administration.

[293]  J. Kellett London , 1914, The Hospital.

[294]  T. Tidwell,et al.  Modeling Internet Attacks , 2022 .