Learn More
To protect critical resources in today's networked environments, it is desirable to quantify the likelihood of potential multi-step attacks that combine multiple vulnerabilities. This now becomes feasible due to a model of causal relationships between vulnerabilities, namely, attack graph. This paper proposes an attack graph-based probabilistic metric for(More)
Given the increasing dependence of our societies on networked information systems, the overall security of these systems should be measured and improved. Existing security metrics have generally focused on measuring individual vulnerabilities without considering their combined effects. Our previous work tackle this issue by exploring the causal(More)
—A network security metric is desirable in evaluating the effectiveness of security solutions in distributed systems. Aggregating CVSS scores of individual vulnerabilities provides a practical approach to network security metric. However, existing approaches to aggre-gating CVSS scores usually cause useful semantics of individual scores to be lost in the(More)
In measuring the overall security of a network, a crucial issue is to correctly compose the measure of individual components. Incorrect compositions may lead to misleading results. For example, a network with less vulnerabilities or a more diversified configuration is not necessarily more secure. To obtain correct compositions of individual measures, we(More)
Today's computer systems face sophisticated intrusions during which multiple vulnerabilities can be combined for reaching an attack goal. The overall security of a network system cannot simply be determined based on the number of vulnerabilities. To quantitatively assess the security of networked systems, one must first understand which and how(More)
—Assessing security of software services on Cloud is complex because the security depends on the vulnerability of infrastructure, platform and the software services. In many systems, the platform or the infrastructure on which the software will actually run may not be known or guaranteed. This implies that the security of the software service must be(More)
Today's computer systems face sophisticated attackers who combine multiple vulnerabilities to penetrate networks with devastating impact. The overall security of a network cannot be determined by simply counting the number of vulnerabilities. To accurately assess the security of networked systems, one must understand how vulnerabilities can be combined to(More)
This paper describes data mining and data warehousing techniques that can improve the performance and usability of Intrusion Detection Systems (IDS). Current IDS do not provide support for historical data analysis and data summarization. This paper presents techniques to model network traffic and alerts using a multi-dimensional data model and star schemas.(More)