Proactive risk assessment based on attack graphs An element of the risk management process on system, enterprise and national level

Tytuł

Typ publikacji

Referat konferencyjny

Rok

2018

Data dokładna

Autorzy słownie

Autorzy

Hermanowski Damian Piotrowski Rafał

ISBN/ISSN

Informacje dodatkowe

[Referat wygłoszony na: IEEE International Conference on Data Science and Systems DSS-2018, Exeter, Wielka Brytania, 27.06-01.07.2018 r.]

Published in: 2018 IEEE 20th International Conference on High Performance Computing and Communications; IEEE 16th International Conference on Smart City; IEEE 4th International Conference on Data Science and Systems (HPCC/SmartCity/DSS)

s. 1435-1441

DOI: 10.1109/HPCC/SmartCity/DSS.2018.00237

Abstract: The paper discusses graph based risk assessment approach to the evaluation of computer systems' security. The method is based on MulVAL attack graph generation tool, adapted for risk calculation, generating possible attack paths leading to crucial assets of the audited IT system. It uses information from the security audits (hosts vulnerabilities) and detailed topology information. The authors present the approach to standard IT system security evaluation and risk assessment as well as advantages of the graph - based method. As the follow up, high level risk assessment of a broader, multi-domain national level environment is proposed.

Keywords: computer security, cybersecurity, attack graphs, risk assessment, intrusion detection, vulnerability, networks, computer attacks

Powiązane publikacje

Adres url strony

https://ieeexplore.ieee.org/document/8622975

Proactive risk assessment based on attack graphs An element of the risk management process on system, enterprise and national level - Publikacje

Wyszukiwarka

Publikacje

Proactive risk assessment based on attack graphs An element of the risk management process on system, enterprise and national level