Change search
ReferencesLink to record
Permanent link

Direct link
A test of attack graph-based evaluation of IT-security
Umeå University, Faculty of Science and Technology, Department of Computing Science.
2014 (English)Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE creditsStudent thesis
Abstract [en]

To assess the accuracy and correctness of attack graphs I have studied several different attack graphs and their attributes. The purpose of this study is to find out if attack graphs can successfully predict real attacks on modern systems. Test design was built to test MulVALs performance when Nexpose is used to provide system information. Based on the ROC measurement method the results shows that MulVALs accuracy is only 0.02 percent when determining attack paths used to compromise the system. The main reason for low accuracy was due to the high trade o in precision, where MulVAL suggested thousands of paths to the decision maker which no attacker tried.

Place, publisher, year, edition, pages
, UMNAD, 976
National Category
Engineering and Technology
URN: urn:nbn:se:umu:diva-85911OAI: diva2:696145
External cooperation
Educational program
Master of Science Programme in Computing Science and Engineering
Available from: 2014-02-13 Created: 2014-02-13 Last updated: 2014-02-13Bibliographically approved

Open Access in DiVA

fulltext(1022 kB)782 downloads
File information
File name FULLTEXT01.pdfFile size 1022 kBChecksum SHA-512
Type fulltextMimetype application/pdf

By organisation
Department of Computing Science
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar
Total: 782 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 626 hits
ReferencesLink to record
Permanent link

Direct link