
Analyzing Vulnerabilities and Measuring Security Level at Design and Exploitation Stages of Computer Network Life Cycle

  • Conference paper
Computer Network Security (MMM-ACNS 2005)

Part of the book series: Lecture Notes in Computer Science (LNCCN, volume 3685)

Abstract

Vulnerability detection and security level estimation are pressing tasks in protecting computer networks. The paper considers the models and architectures of intelligent components intended for actively analyzing computer network vulnerabilities and estimating the network's security level. The proposed approach is based on simulating computer attacks at different levels of detail and is intended for implementation at various stages of the computer network life cycle, including the design and exploitation stages.




Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kotenko, I., Stepashkin, M. (2005). Analyzing Vulnerabilities and Measuring Security Level at Design and Exploitation Stages of Computer Network Life Cycle. In: Gorodetsky, V., Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2005. Lecture Notes in Computer Science, vol 3685. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11560326_24


  • DOI: https://doi.org/10.1007/11560326_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29113-8

  • Online ISBN: 978-3-540-31998-6

  • eBook Packages: Computer Science, Computer Science (R0)
