
Proceedings Paper

Combinatorial analysis of network security
Author(s): Steven E. Noel; Brian O'Berry; Charles Hutchinson; Sushil Jajodia; Lynn M. Keuthan; Andy Nguyen

Paper Abstract

We extend the traditional analysis of network vulnerability by searching for sequences of exploited vulnerabilities distributed throughout a network. While vulnerabilities considered in isolation may seem innocuous, when considered in combination they may lead to serious security breaches. Our approach establishes encoding rules to reason about interdependent vulnerabilities and exploits. It then reasons about the rules to perform critical failure analysis for a given network. We have developed a prototype software tool for automating the analysis, which can be integrated with existing network security tools such as vulnerability databases and network discovery tools. We demonstrate our approach through an example application. We also perform a scaling experiment to show the performance of our approach for larger networks.

Paper Details

Date Published: 8 March 2002
PDF: 10 pages
Proc. SPIE 4738, Wavelet and Independent Component Analysis Applications IX, (8 March 2002); doi: 10.1117/12.458763
Author Affiliations
Steven E. Noel, George Mason Univ. (United States)
Brian O'Berry, George Mason Univ. (United States)
Charles Hutchinson, George Mason Univ. (United States)
Sushil Jajodia, Defense Information Systems Agency (United States)
Lynn M. Keuthan, Defense Information Systems Agency (United States)
Andy Nguyen, Defense Information Systems Agency (United States)

Published in SPIE Proceedings Vol. 4738:
Wavelet and Independent Component Analysis Applications IX
Harold H. Szu; James R. Buss, Editor(s)

© SPIE.