Journal of Computer Networks and Communications
Volume 2014, Article ID 818957, 13 pages
http://dx.doi.org/10.1155/2014/818957
Review Article

Use of Attack Graphs in Security Systems

1Department of Computer Science, University of Memphis, Memphis, TN 38152, USA
2School of Computing and Informatics, Lipscomb University, Nashville, TN 37204, USA

Received 22 June 2014; Revised 29 September 2014; Accepted 29 September 2014; Published 20 October 2014

Academic Editor: Tzonelih Hwang

Copyright © 2014 Vivek Shandilya et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Linked References

  1. O. M. Sheyner, Scenario graphs and attack graphs [Ph.D. thesis], School of Computer Science, Computer Science Department, 2004.
  2. J. M. Wing, Scenario Graphs Applied to Network Security, Elsevier, 2008.
  3. R. Lippmann and K. Ingols, “An annotated review of past papers on attack graphs,” Tech. Rep., Lincoln Laboratory, 2005.
  4. V. Viduto, W. Huang, and C. Maple, “Toward optimal multi-objective models of network security: survey,” in Proceedings of the 17th International Conference on Automation and Computing (ICAC '11), pp. 6–11, September 2011.
  5. N. C. Idika, Characterizing and aggregating attack graph-based security metric [Ph.D. thesis], Center for Education and Research, Information Assurance and Security, Purdue University, 2010.
  6. V. Mehta, C. Bartzis, H. Zhu, E. Clarke, and J. Wing, “Ranking attack graphs,” in Proceedings of the 9th International Conference on Recent Advances in Intrusion Detection (RAID '06), pp. 127–144, Springer, Berlin, Germany, 2006.
  7. S. Wang, Z. Zhang, and Y. Kadobayashi, “Exploring attack graph for cost-benefit security hardening: a probabilistic approach,” Computers and Security, vol. 32, pp. 158–169, 2013.
  8. K. Ingols, M. Chu, R. Lippmann, S. Webster, and S. Boyer, “Modeling modern network attacks and countermeasures using attack graphs,” in Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC '09), pp. 117–126, December 2009.
  9. J. Hong and D.-S. Kim, HARMs: Hierarchical Attack Representation Models for Network Security Analysis, SRI Security Research Institute, Edith Cowan University, Perth, Australia, 2012.
  10. R. Cole, Multi-step attack detection via Bayesian modeling under model parameter uncertainty [Ph.D. thesis], College of Information Sciences and Technology, 2013.
  11. I. Kotenko and M. Stepashkin, “Attack graph based evaluation of network security,” in Communications and Multimedia Security, H. Leitold and E. Markatos, Eds., pp. 216–227, Springer, Berlin, Germany, 2006.
  12. P. Kijsanayothin and R. Hewett, “Analytical approach to attack graph analysis for network security,” in Proceedings of the 5th International Conference on Availability, Reliability, and Security (ARES '10), pp. 25–32, February 2010.
  13. P. Xie, J. H. Li, X. Ou, P. Liu, and R. Levy, “Using Bayesian networks for cyber security analysis,” in Proceedings of the 2010 IEEE/IFIP International Conference on Dependable Systems and Networks (DSN '10), pp. 211–220, Chicago, Ill, USA, June 2010.
  14. R. Dewri, N. Poolsappasit, I. Ray, and D. Whitley, “Optimal security hardening using multi-objective optimization on attack tree models of networks,” in Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS '07), pp. 204–213, ACM, November 2007.
  15. L. Wang, T. Islam, T. Long, A. Singhal, and S. Jajodia, “An attack graph-based probabilistic security metric,” in Proceedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security, pp. 283–296, Springer, Berlin, Germany, 2008.
  16. H. Huang, S. Zhang, X. Ou, A. Prakash, and K. Sakallah, “Distilling critical attack graph surface iteratively through minimum-cost SAT solving,” in Proceedings of the 27th Annual Computer Security Applications Conference (ACSAC '11), pp. 31–40, New York, NY, USA, December 2011.
  17. J. Homer, S. Zhang, X. Ou et al., “Aggregating vulnerability metrics in enterprise networks using attack graphs,” Journal of Computer Security, vol. 21, no. 4, pp. 561–597, 2013.
  18. S. Noel, S. Jajodia, L. Wang, and A. Singhal, “Measuring security risk of networks using attack graphs,” International Journal of Next-Generation Computing, vol. 1, no. 1, 2010.
  19. N. Poolsappasit, R. Dewri, and I. Ray, “Dynamic security risk management using Bayesian attack graphs,” IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 1, pp. 61–74, 2012.
  20. X. Ou, W. F. Boyer, and M. A. McQueen, “A scalable approach to attack graph generation,” in Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS '06), pp. 336–345, ACM, New York, NY, USA, November 2006.
  21. K. Ingols, R. Lippmann, and K. Piwowarski, “Practical attack graph generation for network defense,” in Proceedings of the 22nd Annual Computer Security Applications Conference (ACSAC '06), pp. 121–130, Miami Beach, Fla, USA, December 2006.
  22. M. Danforth, Models for threat assessment in networks [Ph.D. thesis], School of Computer Science, Computer Science Department, 2006.
  23. R. E. Sawilla and X. Ou, “Identifying critical attack assets in dependency attack graphs,” in Computer Security—ESORICS 2008, S. Jajodia and J. Lopez, Eds., vol. 5283 of Lecture Notes in Computer Science, pp. 18–34, Springer, Berlin, Germany, 2008.
  24. R. Schuppenies, Automatic extraction of vulnerability information for attack graphs [M.S. thesis], Hasso-Plattner-Institute for IT Systems Engineering, 2009.
  25. P. Cheng, L. Wang, and T. Long, “Compressing attack graphs through reference encoding,” in Proceedings of the 10th IEEE International Conference on Computer and Information Technology (CIT '10), pp. 1026–1031, July 2010.
  26. E. S. Abramov, A. V. Andreev, D. V. Mordvin, and O. B. Makarevich, “Corporate networks security evaluation based on attack graphs,” in Proceedings of the 4th International Conference on Security of Information and Networks (SIN '11), vol. 11, pp. 29–36, ACM, New York, NY, USA, 2011.
  27. L. Williams, R. Lippmann, and K. Ingols, “An interactive attack graph cascade and reachability display,” in VizSEC 2007: Proceedings of the Workshop on Visualization for Computer Security, Mathematics and Visualization, pp. 221–236, Springer, Berlin, Germany, 2008.
  28. A. Xie, Z. Cai, C. Tang, J. Hu, and Z. Chen, “Evaluating network security with two-layer attack graphs,” in Proceedings of the 25th Annual Computer Security Applications Conference (ACSAC '09), pp. 127–136, December 2009.
  29. M. Chu, K. Ingols, R. Lippmann, S. Webster, and S. Boyer, “Visualizing attack graphs, reachability, and trust relationships with navigator,” in Proceedings of the 7th International Symposium on Visualization for Cyber Security (VizSec '10), pp. 22–33, ACM, New York, NY, USA, September 2010.
  30. L. Wang, S. Jajodia, A. Singhal, P. Cheng, and S. Noel, “K-zero day safety: a network security metric for measuring the risk of unknown vulnerabilities,” IEEE Transactions on Dependable and Secure Computing, vol. 11, no. 1, pp. 30–44, 2014.