|
[1] M. U. Aksu, M. H. Dilek, E. I. Tatlı, K. Bicakci, H. I. Dirik, M. U. Demirezen and T. Aykır, “A quantitative CVSS-based cyber security risk assessment methodology for IT systems,” 2017 International Carnahan Conference on Security Technology (ICCST), IEEE, pp. 1-8, 2017.
[2] P. Ammann, D. Wijesekera and S. Kaushik, “Scalable, Graph-Based Network Vulnerability Analysis,” Ninth Conf. Computer and Comm. Security, pp. 217-224, 2002.
[3] CVE Details The ultimate security vulnerability datasource, https://www.cvedetails.com/.
[4] R. Dantu, K. Loper and P. Kolan, “Risk management using behavior based attack graphs,” International Conference on Information Technology: Coding and Computing, 2004. Proceedings. ITCC 2004, IEEE, pp. 445-449, 2004.
[5] J. Dawkins, C. Campbell and J. Hale, “Modeling Network Attacks: Extending the Attack Tree Paradigm,” Workshop Statistical Machine Learning Techniques in Computer Intrusion Detection, 2002.
[6] J. Homer, A. Varikuti, X. Ou and M. A. McQueen, “Improving attack graph visualization through data reduction and attack grouping,” Visualization for computer security, Springer, Berlin, Heidelberg, pp. 68-79, 2008.
[7] S. Jajodia and S. Noel, “Topological vulnerability analysis: A powerful new approach for network attack prevention, detection, and response,” Algorithms, architectures and information systems security, pp. 285-305, 2009.
[8] S. Jha, O. Sheyner and J. Wing, “Two formal analyses of attack graphs,” Proceedings 15th IEEE Computer Security Foundations Workshop. CSFW-15, IEEE, pp. 49-63, 2002.
[9] Lincoln Lab MIT, 2000 DARPA INTRUSION DETECTION SCENARIO SPECIFIC DATASETS, https://www.ll.mit.edu/r-d/datasets/2000-darpa-intrusion-detection-scenario-specific-datasets
[10] Y. Liu, H. Man, “Network vulnerability assessment using Bayesian networks,” Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security 2005, International Society for Optics and Photonics, pp. 61-72, 2005.
[11] C. Liu, A. Singhal and D. Wijesekera, “Mapping evidence graphs to attack graphs,” 2012 IEEE International Workshop on Information Forensics and Security (WIFS), IEEE, pp. 121-126, 2012.
[12] S. Mathew, R. Giomundo, S. Upadhyaya, M. Sudit and A. Stotz, “Understanding Multistage Attacks by Attack-Track based Visualization of Heterogeneous Event Streams,” Proceedings of the 3rd international workshop on Visualization for computer security, ACM, pp. 1-6, 2006.
[13] A.P. Moore, R.J. Ellison and R.C. Linger, “Attack Modeling for Information Survivability,” Technical Note CMU/SEI-2001-TN001, Carnegie Melon Univ. / Software Eng. Inst., Mar. 2001.
[14] NVD CVSS national vulnerability database cvss support. http://nvd.nist.gov/cvss.cfm.
[15] X. Ou, W. F. Boyer, M. A. McQueen, “A scalable approach to attack graph generation,”13th ACM conference on Computer and communications security, ACM, pp. 336-345, 2006.
[16] X. Ou, S. Govindavajhala and A.W. Appel, “MulVAL: A LogicBased Network Security Analyzer,” 14th Conf. USENIX Security Symp., pp. 113-128, 2005.
[17] C. Phillips and L.P. Swiler, “A Graph-Based System for NetworkVulnerability Analysis,” New Security Paradigms Workshop, pp. 71-79, 1998.
[18] N. Poolsappasit, R. Dewri and I. Ray, “Dynamic security risk management using bayesian attack graphs,” IEEE Transactions on Dependable and Secure Computing, 9.1: 61-74, 2012.
[19] I. Ray and N. Poolsappasit, “Using Attack Trees to Identify Malicious Attacks from Authorized Insiders,” 10th European Symp. Research in Computer Security (ESORICS ’05), pp. 231-246, 2005.
[20] S. Roschke, F. Cheng and C. Meinel, “A new alert correlation algorithm based on attack graph,” Computational Intelligence in Security for Information Systems, Springer, Berlin, Heidelberg, pp. 58-67, 2011.
[21] D. Saha, “Extending Logical Attack Graph for Efficient Vulnerability Analysis,” 15th ACM Conf. Computer and Comm. Security, pp. 63-73, 2008.
[22] B. Schneier, “Attack Trees,” Dr. Dobb’s J., Dec. 1999.
[23] J. Sembiring, M. Ramadhan, Y. S. Gondokaryono and A. A. Arman, “Network Security Risk Analysis using Improved MulVAL Bayesian Attack Graphs,” International Journal on Electrical Engineering and Informatics, Volume 7, Number 4, Des. 2015.
[24] O. Sheyner, J. Haines and S. Jha, “Automated generation and analysis of attack graphs,” Proceedings 2002 IEEE Symposium on Security and Privacy, IEEE, pp. 273-284, 2002.
[25] A. Shiravi, H. Shiravi, M. Tavallaee and A. A. Ghorbani, “Toward developing a systematic approach to generate benchmark datasets for intrusion detection,” computers & security, Volume 31, Issue 3, pp. 357-374, 2012.
[26] A. Singhal and X. Ou, “Security risk analysis of enterprise networks using probabilistic attack graphs,” Network Security Metrics, Springer, Cham, pp. 53-73, 2017.
[27] L. Wang, T. Islam, A. Singhal and S. Jajodia, “An attack graph-based probabilistic security metric,” IFIP Annual Conference on Data and Applications Security and Privacy, Springer, Berlin, Heidelberg, pp. 283-296, 2008.
[28] J. Homer, S. Zhang, X. Ou, D. Schmidt and Y. Du, “Aggregating vulnerability metrics in enterprise networks using attack graphs,” Journal of Computer Security, vol. 21, no. 4, pp. 561-597, 2013.
[29] X. Ou and A. Singhal, Quantitative security risk assessment of enterprise networks, Springer, 2011.
|