Sciweavers

COMCOM
2006

Minimum-cost network hardening using attack graphs

13 years 11 months ago
Minimum-cost network hardening using attack graphs
In defending one's network against cyber attack, certain vulnerabilities may seem acceptable risks when considered in isolation. But an intruder can often infiltrate a seemingly well-guarded network through a multi-step intrusion, in which each step prepares for the next. Attack graphs can reveal the threat by enumerating possible sequences of exploits that can be followed to compromise given critical resources. However, attack graphs do not directly provide a solution to remove the threat. Finding a solution by hand is error-prone and tedious, particularly for larger and less secure networks whose attack graphs are overly complicated. In this paper, we propose a solution to automate the task of hardening a network against multi-step intrusions. Unlike existing approaches whose solutions require removing exploits, our solution is comprised of initially satisfied conditions only. Our solution is thus more enforceable, because the initial conditions can be independently disabled, w...
Lingyu Wang, Steven Noel, Sushil Jajodia
Added 11 Dec 2010
Updated 11 Dec 2010
Type Journal
Year 2006
Where COMCOM
Authors Lingyu Wang, Steven Noel, Sushil Jajodia
Comments (0)