Minimum-cost network hardening using attack graphs

TL;DR: This paper proposes an attack graph-based probabilistic metric for network security and studies its efficient computation, and defines and proposes heuristics to improve the efficiency of such computation.

TL;DR: This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs), and proposes a taxonomy of the described formalisms.

TL;DR: A Dynamic Bayesian Networks-based model is proposed to incorporate temporal factors, such as the availability of exploit codes or patches, for continuously measuring network security in a dynamic environment.

TL;DR: This paper builds an example Bayesian network based on a current security graph model, justifies the modeling approach through attack semantics and experimental study, and shows that the resulting Bayesian networks is not sensitive to parameter perturbation.

TL;DR: This book discusses the semantics of Predicate Logic, and some of theorems of A. Robinson, Craig and Beth's treatment of Peano's Axiom System.

TL;DR: A graph-based tool can identify the set of attack paths that have a high probability of success (or a low effort cost) for the attacker, and is used to test the effectiveness of making configuration changes, implementing an intrusion detection system, etc.

TL;DR: This paper revisits the idea of attack graphs themselves, and argues that they represent more information explicitly than is necessary for the analyst, and proposes a more compact and scalable representation.

TL;DR: This paper presents an algorithm for generating attack graphs using model checking as a subroutine, and provides a formal characterization of this problem, proving that it is polynomially equivalent to the minimum hitting set problem and presenting a greedy algorithm with provable bounds.