
2017 | OriginalPaper | Book chapter

Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs

Written by: Anoop Singhal, Xinming Ou

Published in: Network Security Metrics

Publisher: Springer International Publishing


Abstract

Today’s information systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of an enterprise network cannot be determined by simply counting the number of vulnerabilities. To more accurately assess the security of enterprise systems, one must understand how vulnerabilities can be combined and exploited to stage an attack. Composition of vulnerabilities can be modeled using probabilistic attack graphs, which show all paths of attacks that allow incremental network penetration. Attack likelihoods are propagated through the attack graph, yielding a novel way to measure the security risk of enterprise systems. This metric for risk mitigation analysis is used to maximize the security of enterprise systems. This methodology based on probabilistic attack graphs can be used to evaluate and strengthen the overall security of enterprise networks.


Metadata
Title
Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs
Written by
Anoop Singhal
Xinming Ou
Copyright year
2017
DOI
https://doi.org/10.1007/978-3-319-66505-4_3
