• Corpus ID: 17198987

Analyzing Network Security using Malefactor Action Graphs

Igor Kotenko and Mikhail Stepashkin
Summary: The approach to network security analysis is suggested. It is based on simulation of malefactor’s behavior, generating attack graph and calculating different security metrics. The graph represents all possible attack scenarios taking into account network configuration, security policy, malefactor’s location, knowledge level and strategy. The security metrics describe computer network security at different levels of detail and take into account various aspects of security. The…

Modelling and Analysing Network Security Policies in a Given Vulnerability Setting
An integrated framework for model-based symbolic interpretation, simulation and analysis with a comprehensive approach focussing on the validation of network security policies, that abstract representations of these graphs can be computed that allow comparison of focussed views on the behaviour of the system.
Study on Model-Based Security Assessment of Information Systems
This paper makes an extensive survey on existing model-based approaches to security assessment of vulnerabilities in information systems, analysing their working mechanics, advantages and disadvantages.
Abstraction-based analysis of known and unknown vulnerabilities of critical information infrastructures
  • R. Rieke
  • Computer Science
    Int. J. Syst. Syst. Eng.
  • 2008
An abstraction-based approach that builds on a model-based construction of an attack graph with constraints given by the network security policy to support the process of dependable configuration of critical information infrastructures.
Attack-defense trees
A new graphical security model called attack–defense trees is developed, which generalizes the well-known attack trees model and demonstrates the usefulness of the formal foundations of attack–defense trees by relating attack–defense terms to other scientific research disciplines.
Analysis and Evaluation of Cyber-attack Impact on Critical Power System Infrastructure
This research uses SUCIF index to compare hacking impact on Ukrainian Power Grid and Saudi Aramco Oil and Gas Company and to legitimize TBCIF score, which has been used to compare the intrusion impact of different IEEE test systems.
A comprehensive online tool [WR-3] that detects security flaws in networks
  • Aakash Trivedi
  • Computer Science
    2010 3rd International Conference on Computer Science and Information Technology
  • 2010
An online application which can be globally accessed and provides a very simple and easy to use interface for network administrators to use almost all popular exploits and network intrusion tools on their own networks and detect any possible network breach.
Attack and Defense Modeling with BDMP
BDMP detection and reaction modeling are fully integrated in an augmented theoretical framework and new developments on defensive aspects are presented.
Attack and defense dynamic modeling with BDMP - Extended version Modélisation dynamique d'attaques et de défenses avec les BDMP - Version longue
The theoretical foundations of such an adaptation of the BDMP are developed and new developments on defensive aspects are presented, in particular, detection and reaction modeling are fully integrated in an augmented theoretical framework.
Using Network Node Description Language for modeling networking scenarios


Computer-attack graph generation tool
The status of the tool is presented and implementation issues are discussed, especially focusing on the data input needs and methods for eliminating redundant paths and nodes in the graph.
Risk management using behavior based attack graphs
  • R. Dantu, K. Loper, P. Kolan
  • Computer Science
    International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004.
  • 2004
A mechanism to estimate the risk level of critical resources that may be compromised based on attacker behavior using Bayesian methodology and periodically update the subjective beliefs about the occurrence of an attack is formulated.
Understanding complex network attack graphs through clustered adjacency matrices
  • S. Noel, S. Jajodia
  • Computer Science
    21st Annual Computer Security Applications Conference (ACSAC'05)
  • 2005
A graphical technique is introduced that shows multiple-step attacks by matching rows and columns of the clustered adjacency matrix that allows attack impact/responses to be identified and prioritized according to the number of attack steps to victim machines, and allows attack origins to be determined.
Tool based formal Modelling, Analysis and Visualisation of Enterprise Network Vulnerabilities utilising Attack Graph Exploration
A methodology and a tool for the development and analysis of operational formal models is presented that addresses issues in the context of network vulnerability analysis and identifies the biggest sources of trouble in the system based on vulnerability priorities, network-structure and possible attack patterns.
Network Security Modeling and Cyber Attack Simulation Methodology
The approach is to show the difference from others in that it supports a hierarchical and modular modeling environment, and generates the command-level behavior of cyber attack scenario, and provides an efficient model building environment based on the experimental frame concept.
Network Security Assessment
A Knowledge-Based Approach to Network Security: Applying Cyc in the Domain of Network Risk Assessment
CycSecure™ is a network risk assessment and network monitoring application that relies on knowledge-based artificial intelligence technologies to improve on traditional network vulnerability
MulVAL: A Logic-based Network Security Analyzer
MulVAL is an end-to-end framework and reasoning system that conducts multihost, multistage vulnerability analysis on a network and can reason about 84% of the Red Hat bugs reported in OVAL, a formal vulnerability definition language.
Attacks Against Computer Network: Formal Grammar-Based Framework and Simulation Tool
An approach and formal framework for modeling attacks against computer network and its software implementation on the basis of a multi-agent architecture, and on-line generation of the malefactor's activity resulting from the reaction of the attacked network security system is presented.
A Framework Based Approach for Formal Modeling and Analysis of Multi-level Attacks in Computer Networks
A novel approach for modeling and analyzing complex attack scenarios that combines the high-level specification language cTLA with a computer network framework, optimization strategies, a translation tool, and the SPIN model checker is proposed.