Modeling and Simulating System Exploitations through Exploitation Graphs for Security Engineering

Kauai, Hawaii January 04-January 07

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/HICSS.2006.353

Proceedings of the 39th Annual Hawaii ...

	This Article
	PURCHASE ARTICLE: $0 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Wei Li Articles by Rayford B. Vaughn

	ASCII Text	x
	Wei Li, Rayford B. Vaughn, "Modeling and Simulating System Exploitations through Exploitation Graphs for Security Engineering," Hawaii International Conference on System Sciences, vol. 9, pp. 225c, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06) Track 9, 2006.

	BibTex	x
	@article{ 10.1109/HICSS.2006.353, author = {Wei Li and Rayford B. Vaughn}, title = {Modeling and Simulating System Exploitations through Exploitation Graphs for Security Engineering}, journal ={Hawaii International Conference on System Sciences}, volume = {9}, year = {2006}, issn = {1530-1605}, pages = {225c}, doi = {http://doi.ieeecomputersociety.org/10.1109/HICSS.2006.353}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Hawaii International Conference on System Sciences TI - Modeling and Simulating System Exploitations through Exploitation Graphs for Security Engineering SN - 1530-1605 SP EP A1 - Wei Li, A1 - Rayford B. Vaughn, PY - 2006 KW - null VL - 9 JA - Hawaii International Conference on System Sciences ER -

Wei Li, Nova Southeastern University

Rayford B. Vaughn, Mississippi State University

In this paper, we define a process to model and simulate attack scenarios in networked environments. Known system vulnerability data, system configuration data, and vulnerability scanner results are associated to create exploitation graphs (e-graphs) which are used to represent attack scenarios. Experiments carried out in a cluster computing environment showed the usefulness of proposed techniques in providing in-depth attack scenario analyses for security engineering. Critical vulnerabilities can be identified by employing graph algorithms. Several factors were used to measure the difficulty in executing an attack. A cost/benefit analysis was used for more accurate quantitative analysis of attack scenarios. We have also shown how the attack scenario analyses better help deployment of security products and design of network topologies.

Citation:

Wei Li, Rayford B. Vaughn, "Modeling and Simulating System Exploitations through Exploitation Graphs for Security Engineering," hicss, vol. 9, pp.225c, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06) Track 9, 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.