Combinatorial analysis of network security | (2002) | Noel | Publications

Proceedings Paper

Combinatorial analysis of network security

Author(s): Steven E. Noel; Brian O'Berry; Charles Hutchinson; Sushil Jajodia; Lynn M. Keuthan; Andy Nguyen

Format	Member Price	Non-Member Price
PDF	$17.00	$21.00

Add to cart

Paper Abstract

We extend the traditional analysis of network vulnerability by searching for sequences of exploited vulnerabilities distributed throughout a network. While vulnerabilities considered in isolation may seem innocuous, when considered in combination they may lead to serious security breaches. Our approach establishes encoding rules to reason about interdependent vulnerabilities and exploits. It then reasons about the rules to perform critical failure analysis for a given network. We have developed a prototype software tool for automating the analysis, which can be integrated with existing network security tools such as vulnerability databases and network discovery tools. We demonstrate our approach through an example application. We also perform a scaling experiment to show the performance of our approach for larger networks.

Paper Details

Date Published: 8 March 2002
PDF: 10 pages
Proc. SPIE 4738, Wavelet and Independent Component Analysis Applications IX, (8 March 2002); doi: 10.1117/12.458763

Show Author Affiliations

Steven E. Noel, George Mason Univ. (United States)
Brian O'Berry, George Mason Univ. (United States)
Charles Hutchinson, George Mason Univ. (United States)

Sushil Jajodia, Defense Information Systems Agency (United States)
Lynn M. Keuthan, Defense Information Systems Agency (United States)
Andy Nguyen, Defense Information Systems Agency (United States)

Published in SPIE Proceedings Vol. 4738:
Wavelet and Independent Component Analysis Applications IX
Harold H. Szu; James R. Buss, Editor(s)

Proceedings Paper

Sign In / Returning Customer