Title :
Qualitative and quantitative analytical techniques for network security assessment
Author :
Clark, K. ; Tyree, S. ; Dawkins, J. ; Hale, J.
Author_Institution :
Tulsa Univ., OK, USA
Abstract :
As attacks upon critical network infrastructures increase in complexity and destructiveness, new methods are needed to aid security administrators in protecting their networks. This paper describes a multistage attack modeling framework in which to explore new techniques for risk-based network security management. The multistage attack modeling foundation employs functional vulnerability specifications, object-oriented network models and attacker capability expressions to support compound vulnerability analysis. It is through this framework that we present quantitative and qualitative techniques for compound vulnerability risk assessment.
Keywords :
computer network management; object-oriented methods; risk analysis; security of data; telecommunication security; compound vulnerability analysis; multistage attack modeling framework; risk-based network security management; Expert systems; Information security; Intelligent networks; Investments; Java; Mission critical systems; Network topology; Object oriented modeling; Protection; Risk management;
Conference_Titel :
Information Assurance Workshop, 2004. Proceedings from the Fifth Annual IEEE SMC
Print_ISBN :
0-7803-8572-1
DOI :
10.1109/IAW.2004.1437834
