1 |
Frigault, Marcel, and Lingyu Wang. "Measuring network security using bayesian network-based attack graphs," Annual IEEE International Computer Software and Applications Conference. IEEE, pp. 698-703, August, 2008.
|
2 |
Poolsappasit, Nayot, Rinku Dewri, and Indrajit Ray. "Dynamic security risk management using bayesian attack graphs," IEEE Transactions on Dependable and Secure Computing, Vol. 9, No. 1, pp. 61-74, June, 2012.
DOI
|
3 |
Liu, Si-chao, and Yuan Liu. "Network security risk assessment method based on HMM and attack graph model," 2016 17th IEEE/ACIS International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD). IEEE, pp. 517-522, June, 2016.
|
4 |
Sawilla, Reginald E., and Xinming Ou. "Identifying critical attack assets in dependency attack graphs," European Symposium on Research in Computer Security, Vol. 5283, pp. 18-34, 2008.
|
5 |
Hui, Wang, Chen Fuwang, and Wang Yunfeng. "An Approach of Security Risk Evaluation Based on the Bayesian Attack Graph," Open Cybernetics & Systemics Journal, Vol. 9, pp. 953-960, 2015.
DOI
|
6 |
Noel, Steven, and Sushil Jajodia. "Metrics suite for network attack graph analytics," Proceedings of the 9th Annual Cyber and Information Security Research Conference. ACM, pp. 5-8, April, 2014.
|
7 |
Moon, Young Hoon, et al. "Hybrid Attack Path Enumeration System Based on Reputation Scores," Computer and Information Technology (CIT), 2016 IEEE International Conference on. IEEE, pp. 241-248, December, 2016.
|
8 |
Ghosh, Nirnay, and Soumya K. Ghosh. "An approach for security assessment of network configurations using attack graph," Networks and Communications, 2009. NETCOM'09. First International Conference on. IEEE, pp. 283-288, December, 2009.
|
9 |
Homer, John, et al. "Aggregating vulnerability metrics in enterprise networks using attack graphs," Journal of Computer Security Vol. 21, No. 4, pp. 561-597, September, 2013.
DOI
|
10 |
Ministry of Science and ICT, http://www.index.go.kr/potal/main/EachDtlPageDetail.do?idx_cd=1363
|
11 |
Schneier, Bruce. "Attack trees." Dr. Dobb's journal 24.12 (1999): 21-29.
|
12 |
Phillips, Cynthia, and Laura Painton Swiler. "A graph-based system for network-vulnerability analysis," Proceedings of the 1998 workshop on New security paradigms. pp. 71-79, Charlottesville, Virginia, USA, September, 1998.
|
13 |
National Institute of Standards and Technology Glossary, https://csrc.nist.gov/glossary/term/vulnerability
|
14 |
Hong, Jin Bum, and Dong Seong Kim. "Assessing the effectiveness of moving target defenses using security models," IEEE Transactions on Dependable and Secure Computing, Vol. 13, No. 2, pp. 163-177, April, 2016.
DOI
|
15 |
Ge, Mengmeng, Huy Kang Kim, and Dong Seong Kim. "Evaluating Security and Availability of Multiple Redundancy Designs when Applying Security Patches." Dependable Systems and Networks Workshop (DSN-W), 2017 47th Annual IEEE/IFIP International Conference on. IEEE, pp. 53-60, June, 2017.
|
16 |
Singh, Umesh Kumar, and Chanchala Joshi. "Quantifying security risk by critical network vulnerabilities assessment," International Journal of Computer Applications, Vol. 156, No. 13, pp. 26-33, December, 2016.
|
17 |
Zhang, Mengyuan, et al. "Network diversity: a security metric for evaluating the resilience of networks against zero-day attacks," IEEE Transactions on Information Forensics and Security, Vol. 11, No. 5, pp. 1071-1086, January, 2016.
DOI
|
18 |
Jessica Steinberger et al. "DDoS defense using MTD and SDN," IEEE Network Operations and Management Symposium 2018 on. IEEE, April, 2018.
|
19 |
Zhuang, Rui, et al. "Investigating the application of moving target defenses to network security," Resilient Control Systems (ISRCS), 2013 6th International Symposium on. IEEE, pp. 162-169, August, 2013.
|
20 |
Chowdhary, Ankur, Sandeep Pisharody, and Dijiang Huang. "Sdn based scalable mtd solution in cloud network," Proceedings of the 2016 ACM Workshop on Moving Target Defense. ACM, pp. 27-36, October, 2016.
|
21 |
Yusuf, Simon Enoch, et al. "Security Modelling and Analysis of Dynamic Enterprise Networks." Computer and Information Technology (CIT), 2016 IEEE International Conference on. IEEE, pp.249-256, December, 2016.
|
22 |
Joo Yeon Moon, Taekyu Kim, Insung Kim, and Huy Kang Kim. "An attack graph model for dynamic network environment," Journal of The Korea Institute of Information Security & Cryptology, Vol. 28, No. 2, pp. 485-500, April, 2018.
DOI
|
23 |
Mehta, Vaibhav, et al. "Ranking attack graphs," International Workshop on Recent Advances in Intrusion Detection. pp. 127-144, 2006.
|
24 |
Ou, Xinming, Sudhakar Govindavajhala, and Andrew W. Appel. "MulVAL: A Logic-based Network Security Analyzer," USENIX Security Symposium. Vol. 8, 2005.
|
25 |
Ingols, Kyle, Richard Lippmann, and Keith Piwowarski. "Practical attack graph generation for network defense," Computer Security Applications Conference, pp. 121-130, December, 2006.
|
26 |
Ortalo, Rodolphe, Yves Deswarte, and Mohamed Kaaniche. "Experimenting with quantitative evaluation tools for monitoring operational security," IEEE Transactions on Software Engineering Vol. 25, No. 5, pp. 633-650, September, 1999
DOI
|
27 |
Idika, Nwokedi, and Bharat Bhargava. "Extending attack graph-based security metrics and aggregating their application," IEEE Transactions on Dependable and Secure Computing Vol. 9, No. 1, pp. 75-85, January, 2012.
DOI
|
28 |
National Institute of Standards and Technology, https://www.nist.gov
|
29 |
Balzarotti, Davide, Mattia Monga, and Sabrina Sicari. "Assessing the risk of using vulnerable components," Quality of Protection, pp. 65-77, 2006.
|
30 |
Wang, Lingyu, et al. "An attack graph-based probabilistic security metric," IFIP Annual Conference on Data and Applications Security and Privacy, Vol. 5094. pp. 283-296, 2008.
|
31 |
CVE, https://cve.mitre.org/
|
32 |
CVSS, https://www.first.org/cvss
|
33 |
Noel, Steven, et al. "Measuring security risk of networks using attack graphs," International Journal of Next-Generation Computing, Vol. 1, No. 1, pp. 135-147, July, 2010.
|
34 |
Gallon, Laurent, and Jean Jacques Bascou. "Using CVSS in attack graphs," Availability, Reliability and Security, 2011 Sixth International Conference on. IEEE, pp. 59-66, 2011.
|
35 |
Wang, Lingyu, Anoop Singhal, and Sushil Jajodia. "Measuring the overall security of network configurations using attack graphs," IFIP Annual Conference on Data and Applications Security and Privacy, Vol. 4602, pp. 98-112, 2007.
|
36 |
Suh-Lee, Candace, and Juyeon Jo. "Quantifying security risk by measuring network risk conditions," Computer and Information Science (ICIS), 2015 IEEE/ACIS 14th International Conference on. IEEE, pp. 9-14, July, 2015.
|
37 |
National Vulnerability Database, https://nvd.nist.gov
|
38 |
Pamula, Joseph, et al. "A weakest-adversary security metric for network configuration security analysis," Proceedings of the 2nd ACM workshop on Quality of protection. ACM, pp. 31-38, October, 2006.
|
39 |
Tupper, Melanie, and A. Nur Zincir-Heywood. "VEA-bility security metric: A network security analysis tool," Availability, Reliability and Security, 2008. ARES 08. Third International Conference on. IEEE, pp. 950-957, March, 2008.
|
40 |
Keramati, Marjan, Ahmad Akbari, and Mahsa Keramati. "CVSS-based security metrics for quantitative analysis of attack graphs," Computer and Knowledge Engineering (ICCKE), 2013 3th International eConference on. IEEE, pp. 178-183, November, 2013.
|
41 |
Dai, Fangfang, et al. "Exploring risk flow attack graph for security risk assessment," IET Information Security Vol. 9, No. 6, pp. 344-353, November, 2015.
DOI
|
42 |
Singhal, Anoop, and Xinming Ou. "Security risk analysis of enterprise networks using probabilistic attack graphs," Network Security Metrics, pp.53-73, November, 2017.
|
43 |
Xie, Lixia, Xiao Zhang, and Jiyong Zhang. "Network Security Risk Assessment Based on Attack Graph," Journal of Computers Vol. 8, No. 9, pp. 2339-2347, September, 2013.
|