By Topic

Partial cuts in attack graphs for cost effective network defence

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Reginald Sawilla ; Defence R&D Canada, Ottawa, ON, Canada ; David Skillicorn

Because of increasing vulnerabilities, maturing attack tools, and increasing dependence on computer network infrastructure, tools to support network defenders are essential. Course-of-action recommendation research has often assumed a goal of perfect network security. In reality, network administrators balance security with usability and so tolerate vulnerabilities and imperfect security. We provide realistic course-of-action decision support for network administrators by minimizing connectivity in attack graphs, by optimizing network configuration changes to separate defence goals from attackers as much as possible, even when complete security is impractical. We introduce vertex closures and closure-relation graphs in AND/OR digraphs as the underlying framework. Computing an optimal course-of-action is NP-hard but we design a polynomial-time greedy algorithm that almost always produces an optimal solution.

Published in:

Homeland Security (HST), 2012 IEEE Conference on Technologies for

Date of Conference:

13-15 Nov. 2012