Ensuring Security by Detecting Zombies in Virtual Networks



Similar documents
Secure Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems

Malware Hunter: Building an Intrusion Detection System (IDS) to Neutralize Botnet Attacks

Attack Graph Techniques

Vol. 2, Issue I, Jan ISSN

Secure Attack Measure Selection and Intrusion Detection in Virtual Cloud Networks. Karnataka.

Network Intrusion Detection in Virtual Network Systems Using NICE-A

An Efficient Methodology for Detecting Spam Using Spot System

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

Ashok Kumar Gonela MTech Department of CSE Miracle Educational Group Of Institutions Bhogapuram.

Implementation of Botcatch for Identifying Bot Infected Hosts

Analyze & Classify Intrusions to Detect Selective Measures to Optimize Intrusions in Virtual Network

International Journal of Enterprise Computing and Business Systems ISSN (Online) :

Taxonomy of Intrusion Detection System

GFI White Paper PCI-DSS compliance and GFI Software products

International Journal of Scientific & Engineering Research, Volume 6, Issue 5, May ISSN

IDS / IPS. James E. Thiel S.W.A.T.

A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS

Advancement in Virtualization Based Intrusion Detection System in Cloud Environment

Protecting Privacy Secure Mechanism for Data Reporting In Wireless Sensor Networks

Firewalls, Tunnels, and Network Intrusion Detection

74% 96 Action Items. Compliance

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

Wireless Network Security

Firewalls, Tunnels, and Network Intrusion Detection. Firewalls

Botnet Detection by Abnormal IRC Traffic Analysis

Introduction of Intrusion Detection Systems

Section 12 MUST BE COMPLETED BY: 4/22

Network Instruments white paper

BotHunter: Detecting Malware Infection Through IDS-Driven Dialog Correlation

A Review on Zero Day Attack Safety Using Different Scenarios

Dual Mechanism to Detect DDOS Attack Priyanka Dembla, Chander Diwaker 2 1 Research Scholar, 2 Assistant Professor

SANS Top 20 Critical Controls for Effective Cyber Defense

SPACK FIREWALL RESTRICTION WITH SECURITY IN CLOUD OVER THE VIRTUAL ENVIRONMENT

How to Detect and Prevent Cyber Attacks

CSCI 4250/6250 Fall 2015 Computer and Networks Security

DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR

Intrusion Detection System (IDS)

Statistical Analysis of Computer Network Security. Goran Kap and Dana Ali

Configuring Personal Firewalls and Understanding IDS. Securing Networks Chapter 3 Part 2 of 4 CA M S Mehta, FCA

AlienVault. Unified Security Management (USM) 5.x Policy Management Fundamentals

CS 356 Lecture 25 and 26 Operating System Security. Spring 2013

Second-generation (GenII) honeypots

Symptoms Based Detection and Removal of Bot Processes

Windows Remote Access

Fuzzy Network Profiling for Intrusion Detection

MONITORING OF TRAFFIC OVER THE VICTIM UNDER TCP SYN FLOOD IN A LAN

Efficient Detection of Ddos Attacks by Entropy Variation

Banking Security using Honeypot

Two State Intrusion Detection System Against DDos Attack in Wireless Network

Attack graph analysis using parallel algorithm

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

Appalachian Regional Commission Evaluation Report. Table of Contents. Results of Evaluation Areas for Improvement... 2

Intrusion Detection System in Campus Network: SNORT the most powerful Open Source Network Security Tool

Introduction... Error! Bookmark not defined. Intrusion detection & prevention principles... Error! Bookmark not defined.

CHAPTER 1 INTRODUCTION

Customized Data Exchange Gateway (DEG) for Automated File Exchange across Networks

Intrusion Detection and Prevention System (IDPS) Technology- Network Behavior Analysis System (NBAS)

Network Monitoring and Forensics

Architecture Overview

On-Premises DDoS Mitigation for the Enterprise

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

External Supplier Control Requirements

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

TABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

What a Vulnerability Assessment Scanner Can t Tell You. Leveraging Network Context to Prioritize Remediation Efforts and Identify Options

Cisco IPS Tuning Overview

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

Name. Description. Rationale

Agenda. Understanding of Firewall s definition and Categorization. Understanding of Firewall s Deployment Architectures

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

PROTECTING INFORMATION SYSTEMS WITH FIREWALLS: REVISED GUIDELINES ON FIREWALL TECHNOLOGIES AND POLICIES

Firewall Policy Anomalies- Detection and Resolution

Payment Card Industry Data Security Standard Payment Card Industry Data Security Standard (PCI / DSS)

Guideline on Auditing and Log Management

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Critical Security Controls

Science Park Research Journal

North Dakota 2013 IT Security Audit Vulnerability Assessment & Penetration Test Project Briefing

How To Detect An Advanced Persistent Threat Through Big Data And Network Analysis

How To Protect A Network From Attack From A Hacker (Hbss)

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

How To Protect Your Network From Attack From A Hacker On A University Server

Concierge SIEM Reporting Overview

Network & Information Security Policy

Chapter 9 Firewalls and Intrusion Prevention Systems

Radware s Behavioral Server Cracking Protection

Transcription:

ISSN (Online) : 2319-8753 ISSN (Print) : 2347-6710 International Journal ofinnovativeresearch inscience, Engineering and Technology Volume 3, Special Issue 3, March 2014 2014 International Conference on Innovations in Engineering and Technology (ICIET 14) On 21 st &22 nd March Organized by K.L.N. College of Engineering, Madurai, Tamil Nadu, India Ensuring Security by Detecting Zombies in Networks A.Brinda, N.Balaganesh, M.S.Bhuvaneswari PG Scholar, Department Of Computer Science and Engineering, Mepco Schlenk Engineering College, Sivakasi, India Asst.Professor, Department Of Computer Science and Engineering, Mepco Schlenk Engineering College, Sivakasi, India Asst.Professor, Department Of Computer Science and Engineering, Mepco Schlenk Engineering College, Sivakasi, India Abstract-- Recent surveys say that users prefer secure services to affordable services. The systems that are connected to a network are highly vulnerable and the resources are under a chance of exploitation. The attackers are attracted towards such vulnerabilities which provoke them to deploy their attacks more effectively causing a denial of service. This leads to the loss of information and rise of many zombie s. If one system is compromised and becomes a zombie, the dependent systems are more prone to similar attacks. Moreover, as the users share computing resources through the same switch and file systems, there is also a chance of insiders turning into attackers to obtain information about opponents. The attackers can launch several attacks such as buffer overflow and remote code execution to gain the root access privilege. Hence, the detection of such zombie exploitation attacks is extremely difficult. In this paper, a vulnerability detection mechanism is proposed. It is built on attack graph-based models. The major components are a network intrusion detection agent and an attack graph generator. It comprises of two phases: Identification phase and Graph generation phase. It performs attack detection and identifies the corresponding vulnerability that has been exploited by means of an attack graph. Keywords--Security, Intrusion detection system, vulnerability, attack graph I. INTRODUCTION Security has one major purpose: to protect assets. Traditionally, this meant building strongwalls to stop the opponent and establishing small, well-guarded doors to provide secure access foracquaintances. This formula worked well for the centralized mainframe computers and closed networks. With the increased number of LANs and personal computers, the Internet began to create infinitenumbers of security risks. Firewall devices, which come under either software or hardware that stress onan access control policy between two or more networks, came into picture. This technology gavebusinesses a solution so that it can balance between security and simple outbound access to the Internet, which wasmostly used for mail and internet surfing. Most people expect security measures to serve the following:users can perform only authorized tasks. Users can obtain only authorized information. Users cannot cause damage to the data, applications, or operating environment of a system.the word securitymeans protection against malicious attack by opponents. Statistically, there are more attacks from inside sources. Security also includes reducing theimpacts of errors and equipment failures. Anything that can protect against a malicious behavior will probably prevent further damages, too. The top security threat is the exploitation of vulnerabilities and system resources to generate attacks. [1]. In [2], Vinay et al. addressed taxonomies of attacks and vulnerabilities which say that security assessment of a system is a difficult problem. Most of the current effortsin security assessment involve searching for known vulnerabilities. Finding unknownvulnerabilities still largely remains a subjective process. The process can be improvedby understanding the characteristics and nature of known vulnerabilities. The knowledge thus gained can be organized into a suitable taxonomy, which can then be usedas a framework for systematically examining new systems for similar but as yet unknown vulnerabilities. In [3], Ju yung et al. reviews the different countermeasure schemes and solutions that can address therisksoffered by the threats and attacks relatedtowsns have been identified and discussed. Although these threats M.R. Thansekhar and N. Balaji (Eds.): ICIET 14 2270

cannot be totally eliminated, a desired level of security can be achieved by adopting suchcountermeasure. The goal isto assist managers in making decisions by providingthemwithabasicunderstanding of the nature of the various threats associated with wireless networking and available countermeasures. The difficulty in managing security threats and vulnerabilities for small and medium-sizedenterprises (SME) are investigated in [4]. A detailed conceptual framework for asset andthreat classifications is proposed. This framework aims to assist SMEs to prevent and effectively mitigate threats and vulnerabilities in assets. The framework models security issues in terms of owner, vulnerabilities, threat agents, threats, countermeasures, risksand assets,and their relationship; while the asset classification is a value-based approach, and threat classification is based on attack timeline. To effectively detect and analyze the attacks and exploitation, a vulnerability detection mechanism is proposedthat detects and identifies the corresponding vulnerability that has been exploited. II.RELATED WORK In this section, papers related to areas such as zombie detection and prevention, and attack graph construction are discussed. The work by Duan et al. [5] signifies the detection of compromised s that have been made as spam zombies. The method, SPOT, is based on sequentially scanning outgoing messages while employing a statistical method Sequential Probability Ratio Test (SPRT), to quickly determine whether a system is under the control of an attacker or not. BotHunter [6] detects s under the control of the opponent based on the idea that a thorough malware infection process has steps that allow correlating the intrusion alarms triggered by incoming traffic with resulting outgoing traffic patterns. BotSniffer [7] uses consistent spatial-temporal behavior featuresof attacker controlled s to detect zombies by clustering flow patterns according to server connections and detecting the same pattern in the flow. An attack graph can represent a sequence of attacks that lead to a state, where an opponent has obtained rootaccess to a. There are many tools to construct attack graph. Sheyner et al. proposed atechnique based on a modified symbolic model checking NuSMV [8] and Binary Decision Diagrams (BDDs) toconstruct attack graph. Their model can produce allpossible attack paths; however, the scalability is a drawback. P.Amman et al. [9] came up with theassumption of monotonicity, which states that the preconditionof a given exploit is never invalidated by thesuccessful application of another exploit. Hence,attackers do not have the need to go back again in their attack path. Using this fact,they can obtain a precise, scalable graph format forencoding the attack tree. Ou et al. [10] introduced an attack graphtool called MulVAL, which makes use of a logic programmingapproach and Data log language to model and analyzenetwork system. The attack graph in the MulVAL isgenerated by collecting the real facts of thenetwork system under inspection. The process Ensuring Security by Detecting Zombies in Networks of constructing attack graph will finish off efficiently because the number of facts ispolynomial in system. MulVal s attack graph structure can be further extended and modified. III.SYSTEM MODELS In this section, the method of how to model attack graphs that are used to model security threats and vulnerabilities is described. A. Threat model: The opponent s main aim is to utilize vulnerable virtual s and make them as zombies. Traffic on the network is taken as the major source of input for detection of threats.this work does not include host-based IDS and does not take the issue of how to handle encrypted traffic for attack detections. B. Attack Graph model: An attack graph is a representation that can illustrate all possibleattack paths that are extremely difficult tounderstandand then to decide on the appropriate remedial steps. In an attack graph, each node signifieseither precondition or consequence of an exploit. Theactions need not necessarily be an active attack because normalprotocol operations can be mistaken for attacks. Attackgraph is employed for identifying potential threats, relevantattacks, and known vulnerabilities in a virtual networking system.as the attack graph gives details of all knownvulnerabilities in the system and the topology information the possibleattacks can be predictedby correlating detected events or activities. If a behavior is identified as a potential attack, specific measurescan be implementedto reduce its effect or takeactions to prevent it from damaging the system. IV. SYSTEM DESIGN The system consists of servers which contains a number of virtual s in it. Each server consists of an intrusion detection agent that monitors the traffic in and out of the virtual s or among the servers itself. The Agent is a light weighted network intrusion detection agent (NIDS) installed in each server. The Agent, an intrusion detection engine is used to capture and filter malicious traffic. The alerts generated by the agent are forwarded to the attack graph generator when suspicious or anomalous traffic is captured. These alerts are handled by the attack graph generator. The attack graph generator observes the severity of the alerts by referring to an attack graph designed for the particular network. This attack graph is established based on vulnerability information got from vulnerability scans and penetration scans run on the network. The attack M.R. Thansekhar and N. Balaji (Eds.): ICIET 14 2271

Ensuring Security by Detecting Zombies in Networks server1 IDS Agent server2 IDS Agent 1 2 3 4 1 2 Attack Graph Generator graph generator then selects a countermeasure from a countermeasure pool based on cost benefit analysis of the effectiveness of countermeasures. The system can be further enhanced by implementing selected countermeasure actions. The attack graph generator plays a major role in the construction of attack graph and in the identification of attackers. The architecture diagram of the system is shown in the Figure1. A. Identification Phase: In the identification phase, the agent located in each server scans the traffic among the virtual s and in and out the servers. The agent sniffs a mirroring port on each virtual bridge. Each bridge forms an isolated subnet. The traffic generated is mirrored to a specific port on a specific bridge. An attack graph for the network is constructed using information such as system information, virtual network topology and configuration information, and vulnerability information as shown in Figure 2. If any malicious traffic is detected, then the IDS generates an alert which is handled by the attack graph generator as shown in Figure3. B.Graph Generation Phase: An attack graph is a modeling tool to illustrate multistage, multihost attacks. It helps to understand threats in a system. In an attack graph, each node represents either precondition or post condition of an exploit. It is helpful in identifying potential threats, possible attack and known vulnerabilities in a system. The attack graph provides details of all known vulnerabilities and connectivity information of the system. If an event is identified as a potential attack, specific countermeasures can be applied to mitigate its impact from damaging the virtual system. Fig.1. Architecture diagram A Scenario Attack Graph is a tuple SAG = (V, E) where 1). V= N C N D N R denotes a set of vertices that include three types namely conjunctionnode N C to represent exploit, disjunction node N D to denote result of exploit, and root node N R for showing initial step of an attack scenario. 2) E = E pre E post denotes the set of directed edges. 3) An edge e E pre N D N C represents that N D must be satisfied to achieve N C. 4) An edge e E post N C N D means that the consequence shown by N D can be obtained if N C is satisfied. System information network topology and configuration information Vulnerability information Fig.2.Attack graph construction Attack graph Generation M.R. Thansekhar and N. Balaji (Eds.): ICIET 14 2272

Ensuring Security by Detecting Zombies in Networks Agent Monitors traffic Detects malicious behavior Generates alert and sends to Attack graph generator Fig.3.Identification phase V. IMPLEMENTATION In the alert generation phase, the network traffic is monitored by a software agent called NICE-A. This agent scans the traffic generated by the virtual s. If any malicious or anomalous traffic is detected then the agent generates an alert. Based on the severity of the alert, the suspicious virtual s are put in inspection or quarantine modes. Each alert consists of parameters such as source IP address, destination IP address, and type of the alert and timestamp of the alert. This alert is handled by the attack graph generator and based on the attack graph constructed for the particular network. The attack graph is constructed based on information such as cloud system information, virtual network topology, configuration information, and vulnerability information got from various components of the system. Once new vulnerabilities are discovered and countermeasures are deployed the attack graph is reconstructed. The process of constructing and utilizing the attack graph consists of three phases. 1. Information gathering 2. Attack graph construction 3. Potential exploit path analysis A. Information gathering The information is gathered from various sources such as virtual controller and scanners. The information gathered from them includes information such as number of virtual s in the server, running services on each virtual and virtual s virtual interface information. Thetopology and network configuration information provides information like virtual network topology, host connectivity, virtual connectivity, virtual s IP address, MAC address, port information and traffic flow information. The vulnerability information is gathered by running ondemand vulnerability scans and regular penetration tests using the vulnerability databases such as Open Source Vulnerability Database (OSDVB), Common Vulnerabilities and Exposures List (CVE) and NIST National Vulnerability Database(NVD). B. Graph Generation The attack graph is constructed using the above mentioned information such assystem information, virtual network topology, configuration information and the network vulnerability information. Each node in the attack graph represents vulnerability or an exploit by the attacker. C. Potential Exploit path analysis The attack graph provides information about the possible paths that an attacker can follow. A path from the initial node to the target node represents a successful attack. Thus analyzing the attack graph gives the current security status of the network, for which the attack graph model has been constructed. The attack graph helps in predicting the attacker s behavior. When each of thevulnerability is exploited, alerts are generated. The severity of the alert provides information about the efficiency of the attacker. This helps in selecting a suitable countermeasure for the attack. VI. RESULTS AND DISCUSSIONS The Wireshark packet capturing tool is used to capture the network traffic. The tool captures all the live packets in the connected network through the specified interface. The interfaces may be specified as either Local area Connection or Wireless Network connection. The tool automatically lists the available interfaces in the system. Using the specific interface, packets are captured. The captured packets are listed in the packet window. The captured packets are displayed in the Packet window with specific color formats as required. These formats can be set by the user. This feature is called packet colorization.then this packet information is saved in plain text file. This plain text file contains information about the packet such as Packet number (serial number), source IP address, Destination IP address, protocol used by the packet, length of the packet, source port number and the destination number. This packet information is extracted and displayed in the format.considering this captured packets information as the input dataset as shown in Figure 4, certain conditions are checked. The conditions ensure that no vulnerabilities are exploited in the network. Two types of simple vulnerabilities have been demonstrated. One is port number vulnerability and the other one is based on the number of requests to a particular system. M.R. Thansekhar and N. Balaji (Eds.): ICIET 14 2273

To demonstrate this, distinct IPs from the destination IPs list is taken. Then the destination IP which is suspected to be attacked is entered. The restricted ports of the suspected IP are displayed. The source IPs that send requests to the restricted ports of the destination IP are considered to exploit the port vulnerability as shown in Figure 5. The list of IPs that sends packets to the destination IP is taken. If it is above a particular threshold value it is taken as an attacker IP. The threshold value taken is n and if the number of requests exceeds n, then the source IP is considered to perform denial of service attack. SNo Time Source IP DestinationIP Protocol Len Sport Dport 3337 25.145405 172.16.19.4 Fig.4. Sample list of IPs. The attack graph construction phase is demonstrated 172.16.23.210 with a depth level of two. The TCP source node or the root node of the graph is taken as the location of the attacker. Two 60 types of 80 vulnerability are 2638 shown namely the port vulnerability and the requests vulnerability. The target node is the node which is suspected to be attacked. 3410 25.691712 The attack graph is a labeled graph with directed edges. If 172.16.23.210 any of the vulnerabilities are exploited, a directed edge from the source to the destination IP is constructed, 172.16.19.4 confirming a successful attack. TCP Some of the other types of vulnerabilities are buffer overflow, remote 66 2638 80 code execution, login without authentication, predictable random variable etc,. The generic model of the attack graph is shown in Figure 6. 3411 25.692323 172.16.19.4 List of 172.16.23.210 IPs using Port TCP vulnerability: 60 80 2638 SNo 3931 29.100234 Time SourceIP DestinationIP 172.16.27.33 Protocol Len 172.16.23.210 Sport Dport TCP 66 50814 445 Fig.5. Port vulnerability 5541 47.287726 4953172.16.23.210 39.464516 The attack graph construction phase is demonstrated with a depth level of two. The source node or the root 172.16.31.79 172.16.18.34 node of the graph is taken as TCP the location of the attacker. Two types of vulnerability are shown namely the 54 172.16.22.180 2640 6 TCP port vulnerability and the requests vulnerability. The target node 62 is the node 1374 which is suspected 445 to be attacked. The 5542 confirming 47.290457 a successful attack. Some of the other types of vulnerabilities are buffer overflow, remote code 5539 execution, 172.16.23.210 47.287322 login without authentication, predictable random variable etc,. 172.16.31.79 172.16.23.210 TCP 1514 172.16.31.79 2640 6 TCP 66 2640 5543 47.290501 80 5540 47.287692 Ensuring Security by Detecting Zombies in Networks Port numb er : Restri cted ports Attac ker in Intern et or Intran et Servi ces in desti natio n IP Fig.6.Generic Attack graph model VII. CONCLUSION In this paper, a vulnerability detection mechanism is proposed which is built on attack graph based analytical models and virtual network based countermeasures. It detects and mitigates collaborative attacks in the virtual environment. Attack graph model is used to conduct attack detection and prediction. Thus the proposed solution can greatly reduce the risk of the virtual network system from being exploited by internal and external attackers. This project illustrates only the network based IDS approach to counter zombie explorative attacks. VIII. FUTURE ENHANCEMENT This project can be further enhanced by incorporating host based IDS solutions to improve the detection accuracy and to counter attacks. ACKNOWLEDGMENT The authors wish to express their heartfelt thanks and gratitude to the Department of Computer Science and Engineering of Mepco Schlenk Engineering College, Sivakasi for providing good support and encouragement for this work.the authors also thank their principal and managementfor providing the necessary facilities to carry out this work. REFERENCES Numb er of reques ts : > Thres hold [1] Chun-Jen Chung,Pankaj Khatkar,Tianyi Xing, Jeongkeun Lee, Dijiang Huang, NICE: Network Intrusion Detection and Countermeasure Selection in Network Systems, IEEE Trans. M.R. Thansekhar and N. Balaji (Eds.): ICIET 14 2274

Ensuring Security by Detecting Zombies in Networks Dependable and Secure Computing,vol. 10,no.4,pp. 198-211, July- August.2013. [2]Vinay M. Igure, AND Ronald D. Williams, Taxonomies of attacks and vulnerabilities in computer systems, IEEE Communications magazine, 1st Quarter 2008, Volume 10, no. 1. [3] Ju young Kim, Ronnie D. Caytiles, Kyung Jung Kim, A Review of the Vulnerabilities and Attacks for Wireless Sensor Networks Security engineering journal. [4] C. Onwubikoand A. P. Lenaghan, Managing Security Threats and Vulnerabilities forsmall to Medium Enterprises, IEEE International Conference on Intelligence and Security Informatics 2007. [5] Z. Duan, P. Chen, F. Sanchez, Y. Dong, M. Stephenson, and J.Barker, Detecting Spam Zombies by Monitoring Outgoing Messages, IEEE Trans. Dependable and Secure Computing, vol. 9,no. 2, pp. 198-210, Apr. 2012. [6] G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee, BotHunter: Detecting Malware Infection through IDS-driven Dialog Correlation, Proc. 16th USENIX Security Symp. (SS 07),pp. 12:1-12:16, Aug. 2007. [7] G. Gu, J. Zhang, and W. Lee, BotSniffer: Detecting BotnetCommand and Control Channels in Network Traffic, Proc. 15th Network and Distributed Sytem Security Symp. (NDSS 08), Feb.2008. [8] NuSMV: A New Symbolic Model Checker, http://afrodite.itc.it:1024/nusmv.,aug. 2012. [9] P. Ammann, D. Wijesekera, and S. Kaushik, Scalable, graphbased network vulnerability analysis, Proc. 9th ACM Conf. Computer and Comm. Security (CCS 02), pp. 217-224, 2002. [10]X. Ou, S. Govindavajhala, and A.W. Appel, MulVAL: A Logic- Based Network Security Analyzer, Proc. 14th USENIX Security Symp., pp. 113-128, 2005. M.R. Thansekhar and N. Balaji (Eds.): ICIET 14 2275

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information