ComputationWorld 2018
February 18 - 22, 2018 - Barcelona, Spain

  • SERVICE COMPUTATION 2018, The Tenth International Conference on Advanced Service Computing
  • CLOUD COMPUTING 2018, The Ninth International Conference on Cloud Computing, GRIDs, and Virtualization
  • FUTURE COMPUTING 2018, The Tenth International Conference on Future Computational Technologies and Applications
  • COGNITIVE 2018, The Tenth International Conference on Advanced Cognitive Technologies and Applications
  • ADAPTIVE 2018, The Tenth International Conference on Adaptive and Self-Adaptive Systems and Applications
  • CONTENT 2018, The Tenth International Conference on Creative Content Technologies
  • PATTERNS 2018, The Tenth International Conference on Pervasive Patterns and Applications
  • COMPUTATION TOOLS 2018, The Ninth International Conference on Computational Logics, Algebras, Programming, Tools, and Benchmarking
  • BUSTECH 2018, The Eighth International Conference on Business Intelligence and Technology

DigitalWorld 2018
March 25 - 29, 2018 - Rome, Italy

  • ICDS 2018, The Twelfth International Conference on Digital Society and eGovernments
  • ACHI 2018, The Eleventh International Conference on Advances in Computer-Human Interactions
  • GEOProcessing 2018, The Tenth International Conference on Advanced Geographic Information Systems, Applications, and Services
  • eTELEMED 2018, The Tenth International Conference on eHealth, Telemedicine, and Social Medicine
  • eLmL 2018, The Tenth International Conference on Mobile, Hybrid, and On-line Learning
  • eKNOW 2018, The Tenth International Conference on Information, Process, and Knowledge Management
  • ALLSENSORS 2018, The Third International Conference on Advances in Sensors, Actuators, Metering and Sensing
  • SMART ACCESSIBILITY 2018, The Third International Conference on Universal Accessibility in the Internet of Things and Smart Environments

NexComm 2018
April 22 - 26, 2018 - Athens, Greece

  • ICDT 2018, The Thirteenth International Conference on Digital Telecommunications
  • SPACOMM 2018, The Tenth International Conference on Advances in Satellite and Space Communications
  • ICN 2018, The Seventeenth International Conference on Networks
    • SOFTNETWORKING 2018, The International Symposium on Advances in Software Defined Networking and Network Functions Virtualization
  • ICONS 2018, The Thirteenth International Conference on Systems
  • MMEDIA 2018, The Tenth International Conference on Advances in Multimedia
  • PESARO 2018, The Eighth International Conference on Performance, Safety and Robustness in Complex Systems and Applications
  • CTRQ 2018, The Eleventh International Conference on Communication Theory, Reliability, and Quality of Service
  • COCORA 2018, The Eighth International Conference on Advances in Cognitive Radio
  • ALLDATA 2018, The Fourth International Conference on Big Data, Small Data, Linked Data and Open Data
    • KESA 2018, The International Workshop on Knowledge Extraction and Semantic Annotation
  • SOFTENG 2018, The Fourth International Conference on Advances and Trends in Software Engineering

InfoSys 2018
May 20 - 24, 2018 - Nice, France

  • ICNS 2018, The Fourteenth International Conference on Networking and Services
  • ICAS 2018, The Fourteenth International Conference on Autonomic and Autonomous Systems
  • ENERGY 2018, The Eighth International Conference on Smart Grids, Green Communications and IT Energy-aware Technologies
  • WEB 2018, The Sixth International Conference on Building and Exploring Web Based Environments
  • DBKDA 2018, The Tenth International Conference on Advances in Databases, Knowledge, and Data Applications
    • GraphSM 2018, The Fifth International Workshop on Large-scale Graph Analysis, Management and Applications
  • SIGNAL 2018, The Third International Conference on Advances in Signal, Image and Video Processing

BioSciencesWorld 2018
May 20 - 24, 2018 - Nice, France

  • BIOTECHNO 2018, The Tenth International Conference on Bioinformatics, Biocomputational Systems and Biotechnologies
  • BIONATURE 2018, The Ninth International Conference on Bioenvironment, Biodiversity and Renewable Energies

DataSys 2018
July 22 - 26, 2018- Barcelona, Spain

  • AICT 2018, The Fourteenth Advanced International Conference on Telecommunications
  • ICIW 2018, The Thirteenth International Conference on Internet and Web Applications and Services
  • ICIMP 2018, The Thirteenth International Conference on Internet Monitoring and Protection
  • SMART 2018, The Seventh International Conference on Smart Cities, Systems, Devices and Technologies
  • IMMM 2018, The Eighth International Conference on Advances in Information Mining and Management
  • INFOCOMP 2018, The Eighth International Conference on Advanced Communications and Computation
    • MODOPT 2018, The International Symposium on Modeling and Optimization
  • MOBILITY 2018, The Eighth International Conference on Mobile Services, Resources, and Users
  • SPWID 2018, The Fourth International Conference on Smart Portable, Wearable, Implantable and Disability-oriented Devices and Systems
  • ACCSE 2018, The Third International Conference on Advances in Computation, Communications and Services

(to be completed)

 


ThinkMind // SECURWARE 2017, The Eleventh International Conference on Emerging Security Information, Systems and Technologies // View article securware_2017_4_10_30024


Attack Maze for Network Vulnerability Analysis

Authors:
Stanley Chow

Keywords: Network security; vulnerability analysis; scalable; vulnerability; exploit; maximum incursion; cyber security; metric; security metric; mission dependency

Abstract:
Even a well administered computer network will be vulnerable to attacks. There have been many proposals in the literature to address the problem of Network-Vulnerability Analysis. One approach is to generate an attack graph (a logical graph representation of all possible sequences of vulnerabilities) using some formal model. Attack graphs suffer from scalability issues as the size of the network or the number of services and vulnerabilities increase. This paper presents a new approach that treats the network as a maze, which the attacker has to solve. We then use the classical way to solve mazes in computer games – remembering where we have been by dropping things at each node. We present a graph-based algorithm to solve this maze and compute the Maximum Possible Incursion (MPI) for a given set of attackers or compromises. The developed simple breadth-first algorithm provides performance improvements over previous approaches (less than a minute to analyze a network with over 10,000 nodes). We also present a methodology to capture mission dependency, which represents how a mission relies on the underlying network. Finally, we compute an extensible set of security metrics that identify the current network status in multiple dimensions (e.g. Confidentiality, Integrity, and Availability). We also discuss future work to enumerate the specific attack paths that could be used to generate corrective recommendations.

Pages: 58 to 64

Copyright: Copyright (c) IARIA, 2017

Publication date: September 10, 2017

Published in: conference

ISSN: 2162-2116

ISBN: 978-1-61208-582-1

Location: Rome, Italy

Dates: from September 10, 2017 to September 14, 2017

SERVICES CONTACT
2010 - 2017 © ThinkMind. All rights reserved.
Read Terms of Service and Privacy Policy.