Differential Attack Graph-Based Approach for Assessing Change in the Network Attack Surface
作者: Ghanshyam S. Bopche , Gopal N. Rai , B. Ramchandra Reddy , B. M. Mehtre
DOI: 10.1007/978-3-030-36945-3_18
关键词:
摘要: Assessing change in an attack surface of dynamic computer networks is a formidable challenge. Researchers have previously looked into the problem measuring network risk and used graph (AG) for hardening. However, such AG-based approaches do not consider likely variations surface. Further, even though it possible to generate graphs realistic efficiently, resulting poses severe challenge human comprehension. To overcome problems, this paper, we present differential graph-based detection technique. We proposed distribution matrix-based technique discern differences Our method only detects degree but also finds root causes time-efficient manner. use synthetic illustrate approach perform set simulations evaluate performance. Experimental results show that our capable assessing changes surface, thus can be practice
springer.com
sci-hub.st 参考文章(37)
George Cybenko, Sushil Jajodia, Michael P. Wellman, Peng Liu, Adversarial and Uncertain Reasoning for Adaptive Cyber Defense: Building the Scientific Foundation international conference on information systems security. pp. 1- 8 ,(2014) , 10.1007/978-3-319-13841-1_1
Sushil Jajodia, Steven Noel, Lingyu Wang, Anoop Singhal, Measuring Security Risk of Networks Using Attack Graphs international journal of next-generation computing. ,vol. 1, pp. 135- 147 ,(2010)
Sudhakar Govindavajhala, Xinming Ou, Andrew W. Appel, MulVAL: a logic-based network security analyzer usenix security symposium. pp. 8- 8 ,(2005)
Danai Koutra, Joshua T. Vogelstein, Christos Faloutsos, DELTACON: A Principled Massive-Graph Similarity Function arXiv: Social and Information Networks. ,(2013)
Nirnay Ghosh, Ishan Chokshi, Mithun Sarkar, Soumya K. Ghosh, Anil Kumar Kaushik, Sajal K. Das, NetSecuritas: An Integrated Attack Graph-based Security Assessment Tool for Enterprise Networks international conference of distributed computing and networking. pp. 30- ,(2015) , 10.1145/2684464.2684494
P. Bhattacharya, S.K. Ghosh, Analytical framework for measuring network security using exploit dependency graph Iet Information Security. ,vol. 6, pp. 264- 270 ,(2012) , 10.1049/IET-IFS.2011.0103
P. Showbridge, M. Kraetzl, D. Ray, Detection of abnormal change in dynamic networks conference on decision and control. pp. 557- 562 ,(1999) , 10.1109/IDC.1999.754216
Joseph Pamula, Sushil Jajodia, Paul Ammann, Vipin Swarup, A weakest-adversary security metric for network configuration security analysis Proceedings of the 2nd ACM workshop on Quality of protection - QoP '06. pp. 31- 38 ,(2006) , 10.1145/1179494.1179502
Horst Bunke, Kim Shearer, A graph distance metric based on the maximal common subgraph Pattern Recognition Letters. ,vol. 19, pp. 255- 259 ,(1998) , 10.1016/S0167-8655(97)00179-7
Lingyu Wang, Sushil Jajodia, Anoop Singhal, Pengsu Cheng, Steven Noel, k-Zero Day Safety: A Network Security Metric for Measuring the Risk of Unknown Vulnerabilities IEEE Transactions on Dependable and Secure Computing. ,vol. 11, pp. 30- 44 ,(2014) , 10.1109/TDSC.2013.24