Modeling Modern Network Attacks and Countermeasures Using Attack Graphs

Ingols, Kyle; Chu, Matthew; Lippmann, Richard P.; Webster, Seth; Boyer, Stephen

doi:10.1109/acsac.2009.21

Cited by 159 publications

(95 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…This calculation is enabled by previous work, for example [2] which demonstrated how all end-toend connectivities can be computed efficiently from the configurations of network routers and firewalls. Reachability calculations along similar lines, with some minor differences, also appear in [4,5].…”

Section: Exposure and Impactmentioning

confidence: 86%

See 1 more Smart Citation

On Computing Enterprise IT Risk Metrics

Bhatt

Horne

Rao

2011

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Section: Exposure and Impactmentioning

confidence: 86%

“…The closest work in spirit to ours is the NetSpa system [4,5]. Similar to our approach, NetSpa also computes the reachability matrix of a network, albeit using somewhat different techniques.…”

Section: Related Workmentioning

confidence: 99%

On Computing Enterprise IT Risk Metrics

Bhatt

Horne

Rao

2011

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

“…Incorporation of anti-forensic nodes onto the attack graphs (Ingols et al, 2009) may provide sufficient information regarding the attacker's intention of reducing the generation of evidence and gives two possibilities of trace path, one with normal attack nodes and other with anti-forensic nodes.…”

Section: Network Attack Graphsmentioning

confidence: 99%

“…Content based and Context based monitoring (Kiley, Dankner, & Rogers, 2008) is another effective approach for network monitoring and detection of attacks which incorporates data mining and database auditing techniques (Ingols, Chu, Lippmann, Webster, & Boyer, 2009). The data mining techniques utilized in IDS helps in pattern comparison (Heydari, Martin, Rjaibi, & Lin, 2010) and sequence analysis and identify attacks in an effective manner .…”

Section: Network Security and Forensicsmentioning

confidence: 99%

Attack Graph Analysis for Network Anti-Forensics

Chandran

Yan

2014

International Journal of Digital Crime and Forensics

View full text Add to dashboard Cite

The development of technology in computer networks has boosted the percentage of cyber-attacks today. Hackers are now able to penetrate even the strongest IDS and firewalls. With the help of anti-forensic techniques, attackers defend themselves, from being tracked by destroying and distorting evidences. To detect and prevent network attacks, the main modus of operandi in network forensics is the successful implementation and analysis of attack graph from gathered evidences. This paper conveys the main concepts of attack graphs, requirements for modeling and implementation of graphs. It also contributes the aspect of incorporation of anti-forensic techniques in attack graph which will help in analysis of the diverse possibilities of attack path deviations and thus aids in recommendation of various defense strategies for better security. To the best of our knowledge, this is the first time network anti-forensics has been fully discussed and the attack graphs are employed to analyze the network attacks. The experimental analysis of anti-forensic techniques using attack graphs were conducted in the proposed test-bed which helped to evaluate the model proposed and suggests preventive measures for the improvement of security of the networks.

show abstract

“…Common Criteria 2 , OCTAVE (Alberts et al 2003), CORAS (Lund et al 2010), and the model by Breu et al (Breu et al 2008)), or too limited in terms of scope only covering parts of the vulnerabilities in the system (e.g. MulVAL (Ou et al 2006;Huang et al 2011), NetSPA (Ingols et al 2009), or the TVA-tool (Jajodia et al 2005)). Some tools also require extensive expertise for manual configuration, such as the cyber-physical cyber security analysis tools ADVISE (LeMay et al 2011) and CyberSAGE (Vu et al 2014).…”

Section: Introductionmentioning

confidence: 99%

Load balancing of renewable energy: a cyber security analysis

et al. 2018

View full text Add to dashboard Cite

Background: In the coming years, the increase of automation in electricity distribution grids, controlled by ICT, will bring major consequences to the cyber security posture of the grids. Automation plays an especially important role in load balancing of renewable energy where distributed generation is balanced to load in a way that the grid stability is ensured. Threats to the load balancing and the smart grid in general arise from the activities of misbehaving or rouge actors in combination with poor design, implementation, or configuration of the system that makes it vulnerable. It is urgent to conduct an in-depth analysis about the feasibility and imminency of these potential threats ahead of a cyber catastrophy. This paper presents a cyber security evaluation of the ICT part of the smart grid with a focus on load balancing of renewable energy. Method: The work builds on a load balancing centered smart grid reference architecture model that is designed as part of the evaluation with the help of SCADA system and smart grid experts. The smart grid load balancing architecture represented by the model is then analyzed using a threat modelling approach that is encapsulated in a tool called securiCAD. Countermeasures are introduced in the model to measure how much each improve the cyber security of the smart grid.

show abstract

Modeling Modern Network Attacks and Countermeasures Using Attack Graphs

Cited by 159 publications

References 16 publications

On Computing Enterprise IT Risk Metrics

On Computing Enterprise IT Risk Metrics

Attack Graph Analysis for Network Anti-Forensics

Load balancing of renewable energy: a cyber security analysis

Contact Info

Product

Resources

About