| 000 | 04401nam a22002415i 4500 | ||
|---|---|---|---|
| 999 |
_c32470 _d32470 |
||
| 001 | 19961528 | ||
| 010 | _a 2017952946 | ||
| 020 | _a9783319665047 | ||
| 040 | _aUOWD | ||
| 082 | _a005.8 WA NE | ||
| 100 |
_aWang, Lingyu _910278 |
||
| 245 | 0 | 0 |
_aNetwork security metrics / _cLingyu Wang, Sushil Jajodia, Anoop Singhal |
| 260 |
_aCham, Switzerland : _bSpringer, _cc2017. |
||
| 300 |
_axiv, 207 p. : _bill. ; _c25 cm. |
||
| 505 | _aPreface; Acknowledgements; Contents; Measuring the Overall Network Security by Combining CVSS Scores Based on Attack Graphs and Bayesian Networks; 1 Introduction; 2 Propagating Attack Probabilities Along Attack Paths; 2.1 Motivating Example; 2.2 Defining the Metric; 2.3 Handling Cycles in Attack Graphs; 3 Bayesian Network-Based Attack Graph Model; 3.1 Representing Attack Graphs Using BNs; 3.2 Comparing to the Previous Approach; 4 Dynamic Bayesian Network-Based Model; 4.1 The General Model; 4.2 Case 1: Inferring Exploit Node Values; 4.3 Case 2: Inferring TGS Node Values; 5 Conclusion. 4.2 Simulation Results5 Conclusion; References; Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs; 1 Introduction; 2 Attack Graphs; 2.1 Tools for Generating Attack Graphs; 3 Past Work in Security Risk Analysis; 4 Common Vulnerability Scoring System (CVSS); 4.1 An Example; 5 Security Risk Analysis of Enterprise Networks Using Attack Graphs; 5.1 Example 1; 5.1.1 Overview; 5.2 Example 2; 5.3 Example 3; 5.4 Using Metrics to Prioritize Risk Mitigation; 6 Challenges; 7 Conclusions; References. K-Zero Day Safety: Evaluating the Resilience of Networks Against Unknown Attacks1 Introduction; 2 Motivating Example; 3 Modeling k-Zero Day Safety; 4 Applying k-Zero Day Safety; 4.1 Redefining Network Hardening; 4.2 Instantiating the Model; 5 Case Study; 5.1 Diversity; 5.2 Known Vulnerability and Unnecessary Service; 5.3 Backup of Asset; 5.4 Firewall; 5.5 Stuxnet and SCADA Security; 6 Conclusion; References; Using Bayesian Networks to Fuse Intrusion Evidences and Detect Zero-Day Attack Paths; 1 Motivation; 2 Rationales and Models; 2.1 Rationales of Using Bayesian Networks. 2.2 Problems of Constructing BN Based on SODG2.3 Object Instance Graph; 3 Instance-Graph-Based Bayesian Networks; 3.1 The Infection Propagation Models; 3.2 Evidence Incorporation; 4 System Overview; 5 Implementation; 6 Evaluation; 6.1 Attack Scenario; 6.2 Experiment Results; 7 Conclusion; References; Evaluating the Network Diversity of Networks Against Zero-DayAttacks; 1 Introduction; 2 Use Cases; 2.1 Use Case 1: Stuxnet and SCADA Security; 2.2 Use Case 2: Worm Propagation; 2.3 Use Case 3: Targeted Attack; 2.4 Use Case 4: MTD; 3 Biodiversity-Inspired Network Diversity Metric. | ||
| 520 | _aThis book examines different aspects of network security metrics and their application to enterprise networks. One of the most pertinent issues in securing mission-critical computing networks is the lack of effective security metrics which this book discusses in detail. Since “you cannot improve what you cannot measure”, a network security metric is essential to evaluating the relative effectiveness of potential network security solutions. The authors start by examining the limitations of existing solutions and standards on security metrics, such as CVSS and attack surface, which typically focus on known vulnerabilities in individual software products or systems. The first few chapters of this book describe different approaches to fusing individual metric values obtained from CVSS scores into an overall measure of network security using attack graphs. Since CVSS scores are only available for previously known vulnerabilities, such approaches do not consider the threat of unknown attacks exploiting the so-called zero day vulnerabilities. Therefore, several chapters of this book are dedicated to develop network security metrics especially designed for dealing with zero day attacks where the challenge is that little or no prior knowledge is available about the exploited vulnerabilities, and thus most existing methodologies for designing security metrics are no longer effective. | ||
| 650 |
_aNetwork security metrics _910279 |
||
| 650 |
_aNetwork security _99866 |
||
| 700 |
_aJajodia, Sushil _914679 |
||
| 700 |
_aSinghal, Anoop _914680 |
||
| 856 |
_uhttps://uowd.box.com/s/5vnk9zyu38eescpj5fjcd66tyw32exw9 _zLocation Map |
||
| 942 |
_2ddc _cREGULAR |
||