Abstract | ||
---|---|---|
An integral part of modeling the global view of network security isconstructing attack graphs.In practice, attack graphs areproduced manually by Red Teams.Construction by hand, however, istedious, error-prone, and impractical for attack graphs larger than ahundred nodes.In this paper we present an automated technique forgenerating and analyzing attack graphs.We base our technique onsymbolic model checking algorithms,letting us construct attack graphs automatically and efficiently.Wealso describe two analyses to help decide which attacks would be mostcost-effective to guard against.We implemented our technique in atool suite and tested it on a small network example, which includesmodels of a firewall and an intrusion detection system. |
Year | DOI | Venue |
---|---|---|
2002 | 10.1109/SECPRI.2002.1004377 | IEEE Symposium on Security and Privacy |
Keywords | Field | DocType |
authorisation,computer network management,telecommunication security,automated attack graph analysis,automated attack graph generation,firewall,intrusion detection system,network security,symbolic model checking algorithms | Model checking,Firewall (construction),Suite,Computer science,Computer security,Network security,Attack tree,Guard (information security),Intrusion detection system,Attack graph | Conference |
ISSN | ISBN | Citations |
1081-6011 | 0-7695-1543-6 | 509 |
PageRank | References | Authors |
35.10 | 12 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Jeannette M. Wing | 1 | 6429 | 874.60 |
Haines, J. | 2 | 509 | 35.10 |
S. Jha | 3 | 7921 | 539.19 |
Lippmann, R. | 4 | 509 | 35.10 |