|
[1]Michael Lyle Artz, NetSPA, “A Network Security Planning Architecture”, M.S. Thesis, Cambridge: Massachusetts Institute of Technology, May 2002. [2]Oleg Mikhail Sheyner, “Scenario Graphs and Attack Graphs”, Ph.D. Thesis, Carnegie Mellon University, p.133, April 2004. [3]Paul Ammann, Duminda Wijesekera, and Saket Kaushik, “Scalable, Graph-Based Network Vulnerability Analysis”, Proceedings of the 9th ACM Conference on Computer and Communications Security, New York: ACM Press, p.217-224, 2002. [4]Frederic Cuppens and Alexandre Miège, “Alert Correlation in a Cooperative Intrusion Detection Framework”, in Proceedings of the 2002 IEEE Symposium on Security and Privacy (May 12 - 15, 2002). SP. IEEE Computer Society, Washington, DC, p.202. [5]Frederic Cuppens and Rodolphe Ortalo, “LAMBDA: A Language to Model a Database for Detection of Attacks”, in Proceedings of the Third international Workshop on Recent Advances in intrusion Detection (October 02 - 04, 2000), p.197-216. [6]Kyle Ingols, Richard Lippmann, and Keith Piwowarski, “Practical Attack Graph Generation for Network Defense”, Computer Security Applications Conference, Miami Beach, Florida, p.121-130, 11 December 2006. [7]Richard Lippmann and Kyle Ingols, “An Annotated Review of Past Papers on Attack Graphs”, PR-IA-1, MIT Lincoln Laboratory Project Report, 31 March 2005. [8]Richard Lippmann, Kyle Ingols, Chris Scott, Keith Piwowarski, Kendra Kratkiewicz, and Mike Artz, “Evaluating and Strengthening Enterprise Network Security Using Attach Graphs”, PR-IA-2, MIT Lincoln Laboratory Project Report, 12 August 2005. [9]Richard Lippmann, Kyle Ingols, Chris Scott, Keith Piwowarski, Kendra Kratkiewicz, Mike Artz, and Robert Cunningham, “Validating and Restoring Defense in Depth Using Attack Graphs”, MILCOM 2006, Washington, DC, 23 October 2006. [10]Steven Noel and Sushil Jajodia, “Managing Attack Graph Complexity Through Visual Hierarchical Aggregation”, Proceedings of the 2004 ACM Workshop on Visualization and Data Mining for Computer Security, New York: ACM Press, p.109-118, 2004. [11]Steven Noel, Sushil Jajodia, Brian O’Berry, and Michael Jacobs, “Efficient Minimum-Cost Network Hardening Via Exploit Dependency Graphs”, Proceedings of the 19th Annual Computer Security Applications Conference, Las Vegas, Nevada, p.86, 2003. [12]Peng Ning and Dingbang Xu, “Learning attack strategies from intrusion alerts”, in Proceedings of the 10th ACM Conference on Computer and Communications Security (Washington D.C., USA, October 27 - 30, 2003). CCS '03. ACM, New York, NY, p.200-209. [13]Xinming Ou, Wayne F. Boyer, and Miles A. McQueen, “A scalable approach to attack graph generation” In CCS ’06, p.336–345, New York, NY, USA, 2006. ACM Press. [14]Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel, “MulVAL: A logic-based network security analyzer”, in 14th USENIX Security Symposium, Baltimore, Maryland, U.S.A., p.113-128, August 2005. [15]Cynthia Phillips and Laura Painton Swiler, “A graph-based system for network-vulnerability analysis”, proceedings of the 1998 workshop on New security paradigms, p.71-79, 1998. [16]Ronald Ritchey and Paul Ammann, “Using model checking to analyze network vulnerabilities”, in 2000 IEEE Symposium on Security and Privacy, p.156–165, 2000. [17]Ronald Ritchey, Brain O’Berry, and Steven Noel, “Representing TCP/IP Connectivity for Topological Analysis of Network Security” Proceedings of the 18th Annual Computer Security Applications Conference, Las Vegas, Nevada, 2002. [18]Diptikalyan Saha, “Extending logical attack graphs for efficient vulnerability analysis”, In Proceedings of the 15th ACM Conference on Computer and Communications Security (Alexandria, Virginia, USA, October 27 - 31, 2008). CCS '08. ACM, New York, NY, p.63-74. [19]Andrew Stewart, “A contemporary approach to network vulnerability assessment”, in Network Security, volume 2005, issue 4, p.7-10, April 2005. [20]Oleg Sheyner, Joshua Haines, Somesh Jha, Richard Lippmann, and Jeannette M. Wing, “Automated Generation and Analysis of Attack Graphs”, in 2002 IEEE Symposium on Security and Privacy. Oakland, California, 2002. [21]Steven J. Templeton and Kar Levitt, “A requires/provides model for computer attacks”, in Proceedings of the 2000 Workshop on New Security Paradigms (Ballycotton, County Cork, Ireland, September 18 - 21, 2000). NSPW '00. ACM, New York, NY, p.31-38. [22]Sushil Jajodia, Steven Noel, and Brain O’Berry, “Topological Analysis of Network Attack Vulnerability”, Managing Cyber Threats: Issues, Approaches and Challenges, Vipin Kumar, Jaideep Srivastava, and Aleksandar Lazarevic, Eds., Dordrecht, Netherlands: Kluwer Academic Publisher, 2003. [23]Nessus, Tenable Network Security, http://www.tenablesecurity.com/nessus/ [24]NVD, National Vulnerability Database, http://nvd.nist.gov/ [25]OVAL Definition Search, http://oval.mitre.org/repository/data/AdvancedSearch.jsp [26]OVAL Scanner, the MITRE Corporation, http://oval.mitre.org/oval/index.html [27]SSA – Security System Analyzer, Security Database, http://www.security-database.com/ssa.php [28]University of Purdue, RASC: Confidentiality, Integrity and Availability (CIA), http://www.itap.purdue.edu/security/files/documents/RASCCIAv13.pdf [29]US-CERT Vulnerability Notes Database, http://www.kb.cert.org/vuls [30]XSB, a Logic Programming and Deductive Database system for Unix and Windows, http://xsb.sourceforge.net/
|