Learn More
Various tools exist to analyze enterprise network systems and to produce attack graphs detailing how attackers might penetrate into the system. These attack graphs, however, are often complex and difficult to comprehend fully, and a human user may find it problematic to reach appropriate configuration decisions. This paper presents methodologies that can 1)(More)
As automated tools for grading programming assignments become more widely used, it is imperative that we better understand how students are utilizing them. Other researchers have provided helpful data on the role automated assessment tools (AATs) have played in the classroom. In order to investigate improved practices in using AATs for student learning, we(More)
Mitigation of security risk is an important task in enterprise network security management. However it is presently a skill acquired by individual experience, more an art than a science. The biggest challenge in the problem is a quantitative model that objectively measures the likelihood a breach can be accomplished. This paper presents a sound and(More)
Quantifying security risk is an important and yet difficult task in enterprise network security management. While metrics exist for individual software vulnerabilities, there is currently no standard way of aggregating such metrics. We present a model that can be used to aggregate vulnerability metrics in an enterprise network, producing quantitative(More)
A significant challenge in evaluating network security stems from the scale of modern enterprise networks and the vast number of vulnerabilities regularly found in software applications. A common technique to deal with this complexity is attack graphs, where a tool automatically computes all possible ways a system can be broken into by analyzing the(More)
—Quantifying security risk is an important and yet difficult task in enterprise network risk management, critical for proactive mission assurance. Even though metrics exist for individual vulnerabilities, there is currently no standard way of aggregating such metrics. We developed a quantitative model that can be used to aggregate vulnerability metrics in(More)
In various estimation problems, the system being estimated may be represented by a sparse parameter vector, such that only a 'small' number of the vector elements are 'significant' or 'active'. In this paper we propose a normalised least mean square (NLMS) estimator which incorporates a least squares based active parameter criterion; such that NLMS(More)