References:

R.E. Sawilla, D.J. Wiemer Automated computer network defence technology demonstration project Technologies for homeland security (HST) (2011)

E. Serra, S. Jajodia, A. Pugliese, A. Rullo, V.S. Subrahmanian Pareto-optimal adversarial defense of enterprise systems ACM Transactions on Information and System Security (TISSEC), 17 (3) (2015), p. 11

S. Jajodia, S. Noel, B. OBerry Topological analysis of network attack vulnerability In Managing Cyber Threats: Issues, Approaches and Challenges, Springer-Verlag, Germany (2003)

S. Noel, S. Jajodia, L. Wang, A. Singhal Measuring security risk of networks using attack graphs International Journal of Next-Generation Computing, 1 (1) (2010), pp. 135–147

C.V. Zhou, C. Leckie, S. Karunasekera A survey of coordinated attacks and collaborative intrusion detection Computers & Security, 29 (1) (2010), pp. 124–140

P. Ammann, D. Wijesekera, S. Kaushik Scalable, graph-based network vulnerability analysis Proceedings of 9th ACM Conference on Computer and Communications Security (ACM-CCS 2002) (2002), pp. 217–224

M. GhasemiGol, A. Ghaemi-Bafghi, H. Takabi A comprehensive approach for network attack forecasting Computers & security, 58 (2016), pp. 83–105

S. Jha, O. Sheyner, J. Wing Two formal analyses of attack graphs Proceedings of the 15th Computer Security Foundation Workshop (2002)

P. Mell, K. Scarfone, S. Romanosky A complete guide to the common vulnerability scoring system version FIRST-Forum of Incident Response and Security Teams (2007), pp. 1–23

L.P. Swiler, C. Phillips, D. Ellis, S. Chakerian Computer-attack graph generation tool In DARPA Information Survivability Conference and Exposition (DISCEX II01), 2 (2001)

CVE-2008-3257, Stack buffer overflow, 2008 Published in the National Vulnerability Database (NVD) on 22 Jul 2008. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-3257.

CVE-2008-5416, 2008, Published in the National Vulnerability Database (NVD) on 10 Dec 2008. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5416.

F. Cuppens, F. Autrel, Y. Bouzida, J. Garcia, S. Gombault, T. Sans Anti-correlation as a criterion to select appropriate counter-measures in an intrusion detection framework Annals of Telecommunications, 61 (1) (2006), pp. 197–217

C.-J. Chung, P. Khatkar, T. Xing, J. Lee, D. Huang NICE: Network intrusion detection and countermeasure selection in virtual network systems IEEE Transactions on Dependable and Secure Computing (TDSC), 5 (4) (2013), pp. 198–211

V.N. Franqueira, R.H. Lopes, P. van Eck Multi-step attack modelling and simulation (msAMS) framework based on mobile ambient Proceedings of the 2009 ACM symposium on Applied Computing (2009), pp. 66–73

W. Kanoun, N. Cuppens-Boulahia, F. Cuppens, S. Dubus, A. Martin Success likelihood of ongoing attacks for intrusion detection and response systems International Conference on Computational Science and Engineering (2009), pp. 83–91

B. Morin, L. Me, H. Debar, M. Ducasse A logic-based model to support alert correlation in intrusion detection Information Fusion, 10 (4) (2009), pp. 285–299

L. Wang, A. Singhal, S. Jajodia Measuring the overall security of network configurations using attack graphs Proceedings of the 21st Annual IFIP WG 11.3 Working Conference on Data and Application Security (2007), pp. 98–112 Redondo Beach, CA

T. Toth, C. Kregel Evaluating the impact of automated intrusion response mechanisms Proceedings of the 18th Annual Computer Security Applications Conference, Los Alamitos, USA (2002)

L. Wang, T. Islam, T. Long, A. Singhal, S. Jajodia An attack graph-based probabilistic security metric In Proceedings of the 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (2008), pp. 283–296 London, U.K.

S. Wang, Z. Zhang, Y. Kadobayashi Exploring attack graph for cost-benefit security hardening: A probabilistic approach Computers & Security, 32 (2013), pp. 158–169

M. Frigault, L. Wang Measuring network security using bayesian network-based attack graphs In Proceedings of the 32nd Annual IEEE International Computer Software Applications Conference (2008), pp. 698–703 Turku, Finland

N. Poolsappasit, R. Dewri, I. Ray Dynamic security risk management using bayesian attack graphs IEEE Transactions on Dependable and Secure Computing, 9 (1) (2012), pp. 61–74

D. Saha Extending logical attack graph for efficient vulnerability analysis In Proceedings of the 15th ACM conference on Computer and communications security (2008), pp. 63–73 Alexandria, VA

A. Shameli-Sendi, M. Dagenais ORCEF: Online response cost evaluation framework for intrusion response system Journal of Network and Computer Applications, 55 (2015), pp. 89–107

L. Wang, T. Islam, T. Long, A. Singhal, S. Jajodia An attack graph-based probabilistic security metric Proceedings of The 22nd Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSEC08) (2008)

L. Wang, S. Jajodia, A. Singhal, P. Cheng, S. Noel K-zero day safety: a network security metric for measuring the risk of unknown vulnerabilities IEEE Transactions on Dependable and Secure Computing, 11 (1) (2014), pp. 30–44

A. Shameli-Sendi, M. Cheriet, A. Hamou-Lhadj Taxonomy of intrusion risk assessment and response system Computers & Security, 45 (2014), pp. 1–16

Z. Gu, J. Li, B. Xu Automatic service composition based on enhanced service dependency graph IEEE International Conference on Web Services (2008), pp. 246–253

S. Noel, S. Jajodia Understanding complex network attack graphs through clustered adjacency matrices Proceedings of the 21st Annual Computer Security Conference (ACSAC) (2005), pp. 160–169

L. Wang, A. Liu, S. Jajodia Using attack graph for correlating, hypothesizing, and predicting intrusion alerts Computer Communications, 29 (15) (2006), pp. 2917–2933

M. Jahnke, C. Thul, P. Martini Graph-based metrics for intrusion response measures in computer networks Proceedings of the 3rd LCN Workshop on Network Security. Held in conjunction with the 32nd IEEE Conference on Local Computer Networks (LCN), Dublin, Ireland (2007)

W. Kanoun, N. Cuppens-Boulahia, F. Cuppens, J. Araujo Automated reaction based on risk analysis and attackers skills in intrusion detection systems Third International Conference on Risks and Security of Internet and Systems (2008), pp. 117–124

R. Dantu, K. Loper, P. Kolan Risk management using behavior based attack graphs Proceedings of the International Conference on Information Technology : Coding and Computing (ITCC04) (2004), pp. 445–449

N. Kheir, N. Cuppens-Boulahia, F. Cuppens, H. Debar A service dependency model for cost sensitive intrusion response Proceedings of the 15th European Conference on Research in Computer Security (2010), pp. 626–642

C.P. Mu, X.J. Li, H.K. Huang, S.F. Tian Online risk assessment of intrusion scenarios using d-s evidence theory Proceedings of ESORICS (2008), pp. 35–48

A.A. rnes, K. Sallhammar, K. Haslum, T. Brekne, M. Moe, S. Knapskog Real-time risk assessment with network sensors and intrusion detection systems In International Conference on Computational Intelligence and Security (CIS 2005) (2005), pp. 388–397

A. Gehani, G. Kedem Rheostat : Real-time risk management Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection (2004), pp. 15–17

K. Haslum, A. Abraham, S. Knapskog Fuzzy online risk assessment for distributed intrusion prediction and prevention systems Tenth International Conference on Computer Modeling and Simulation, IEEE Computer Society Press (2008), pp. 216–223 Cambridge

F. Cuppens, R. Ortalo Lambda: A language to model a database for detection of attacks Third International Workshop on Recent Advances in Intrusion Detection (RAID2000), Toulouse, France (2000)

M. Desnoyers, M. Dagenais LTTng: Tracing across execution layers, from the hypervisor to user-space Linux Symposium (2008) Ottawa, Canada

A. Shameli-Sendi, N. Ezzati-Jivan, M. Jabbarifar, M. Dagenais Intrusion response systems: Survey and taxonomy International Journal of Computer Science and Network Security, 12 (1) (2012), pp. 1–14

W. Kanoun, N. Cuppens-Boulahia, F. Cuppens, F. Autrel Advanced reaction using risk assessment in intrusion detection systems Second International Workshop on Critical Information Infrastructures Security (CRITIS07) (2007) Springer, Ed., Spain

A. Shameli-Sendi, M. Dagenais ARITO: Cyber-attack response system using accurate risk impact tolerance International Journal of Information Security, 13 (4) (2014), pp. 367–390

E. Totel, B. Vivinis, L. Mé A language driven intrusion detection system for event and alert correlation Proceedings at the 19th IFIP International Information Security Conference, Kluwer Academic, Toulouse (2004), pp. 209–224

J. Goubault-Larrec An introduction to logweaver Technical report, LSV (2001)

N. Ezzati-Jivan, M. Dagenais, A stateful approach to generate synthetic events from kernel traces, in: A Stateful Approach to Generate Synthetic Events from Kernel Traces, Advances in Software Engineering, Volume 2012, 12 pages.

A. Montplaisir Stockage sur disque pour accès rapide dàttributs avec intervalles de temps M. Sc.A. thesis, École Polytechnique de Montréal (2011)

A.A. rnes, P. Haas, G. Vigna, R. Kemmerer Using a virtual security testbed for digital forensic reconstruction Journal in Computer Virology, 2 (2007), pp. 275–289

Common Vulnerability and Exposures, http://cve.mitre.org/.

N. Elhage, 2010, https://access.redhat.com/security/cve/CVE-2010-4258.

S.H. Ahmadinejad, S. Jalili, M. Abadi A hybrid model for correlating alerts of known and unknown attack scenarios and updating attack graphs Computer Networks, 55 (9) (2011), pp. 2221–2240

X. Ou, S. Govindavajhala, A.W. Appel MulVAL: a logic-based network security analyzer Proc. of 14th USENIX Security Symp. (2005), pp. 113–128

S. Roschke, F. Cheng, C. Meinel A new alert correlation algorithm based on attack graph Computational Intelligence in Security for Information Systems, volume 6694 (2011), pp. 58–67