Information Technology Reference
In-Depth Information
The basic components of suggested intelligent SAS are the knowledge base of
functionality rules, the model of computer attacks and the model of security level as-
sessment based on developed taxonomy of security metrics. The SAS prototype was
implemented and the experiments were held based on the case-study developed.
The future research will be devoted to improving the models of computer attacks,
the model of security level assessment, and comprehensive experimental assessment
of offered approach.
Acknowledgement
This research is being supported by grant of Russian Foundation of Basic Research
(№ 04-01-00167), grant of the Department for Informational Technologies and Com-
putation Systems of the Russian Academy of Sciences (contract №3.2/03) and partly
funded by the EC as part of the POSITIF project (contract IST-2002-002314).
References
1.
CERT/CC Statistics 1988-2005. http://www.cert.org/stats/cert_stats.html
2.
Chapman, C., Ward S.: Project Risk Management: processes, techniques and insights.
Chichester, John Wiley (2003)
3.
Chi, S.-D., Park, J.S., Jung K.-C., Lee J.-S.: Network Security Modeling and Cyber Attack
Simulation Methodology. LNCS, Vol.2119 (2001)
4.
Chirillo J.: Hack Attacks Testing - How to Conduct Your Own Security Audit. Wiley Pub-
lishing (2003)
5.
Chung, M, Mukherjee, B., Olsson, R.A., Puketza, N.: Simulating Concurrent Intrusions for
Testing Intrusion Detection Systems. Proc. of the 18th NISSC (1995)
6.
Cohen, F.: Simulating Cyber Attacks, Defenses, and Consequences. IEEE Symposium on
Security and Privacy, Berkeley, CA (1999)
7.
Dawkins, J., Campbell, C., Hale, J.: Modeling network attacks: Extending the attack tree
paradigm. Workshop on Statistical and Machine Learning Techniques in Computer Intru-
sion Detection, Johns Hopkins University (2002)
8.
Goldman R.P.: A Stochastic Model for Intrusions. LNCS, V.2516 (2002)
9.
Gorodetski, V., Kotenko, I.: Attacks against Computer Network: Formal Grammar-based
Framework and Simulation Tool. RAID 2000. LNCS, V.2516 (2002)
10.
Hariri, S., Qu, G., Dharmagadda, T., Ramkishore, M., Raghavendra C. S.: Impact Analysis
of Faults and Attacks in Large-Scale Networks. IEEE Security & Privacy, Septem-
ber/October (2003)
11.
Henning, R.: Workshop on Information Security System Scoring and Ranking. Williams-
burg, VA: Applied Computer Security Associates and The MITRE Corporation (2001)
12.
Iglun, K., Kemmerer, R.A., Porras, P.A.: State Transition Analysis: A Rule-Based Intru-
sion Detection System. IEEE Transactions on Software Engineering, 21(3) (1995).
13.
Jha, S., Sheyner, O., Wing, J.: Minimization and reliability analysis of attack graphs.
Technical Report CMU-CS-02-109, Carnegie Mellon University (2002)
14.
Jha, S., Linger, R., Longstaff, T., Wing, J.: Survivability Analysis of Network Specifica-
tions. Intern. Conference on Dependable Systems and Networks, IEEE CS Press (2000)
15.
Kemmerer, R.A., Vigna, G.: NetSTAT: A network-based intrusion detection approach.
14th Annual Computer Security Applications Conference, Scottsdale, Arizona (1998)
