Please use this identifier to cite or link to this item: http://dx.doi.org/10.14279/depositonce-6507
Main Title: A framework for automated identification of attack scenarios on it infrastructures
Author(s): Camtepe, Seyit Ahmet
Bsufka, Karsten
Hennig, Leonhard
Simsek, Cihan
Albayrak, Sahin
Type: Article
Language Code: en
Abstract: Due to increased complexity, scale, and functionality of information and telecommunication (IT) infrastructures, everyday new exploits and vulnerabilities are discovered. These vulnerabilities are most of the time used by malicious people to penetrate these IT infrastructures for mainly disruptingbusiness or stealing intellectual properties. Current incidents prove that it is not sufficient anymore to perform manual securitytests of the IT infrastructure based on sporadic securityaudits. Instead networks should be continuously testedagainst possible attacks. In this paper we present current resultsand challenges towards realizing automated and scalablesolutions to identify possible attack scenarios in an IT infrastructure. Namely, we define an extensible framework whichuses public vulnerability databases to identify probable multistepattacks in an IT infrastructure, and provide recommendations in the form of patching strategies, topology changes, and configuration updates.
URI: https://depositonce.tu-berlin.de//handle/11303/7231
http://dx.doi.org/10.14279/depositonce-6507
Issue Date: 2012
Date Available: 30-Nov-2017
DDC Class: 004 Informatik
Usage rights: Terms of German Copyright Law
Journal Title: Praxis der Informationsverarbeitung und Kommunikation
Publisher: De Gruyter
Publisher Place: Berlin [u.a.]
Volume: 35
Issue: 1
Publisher DOI: 10.1515/pik-2012-0005piko.2012.35.1.25
Page Start: 25
Page End: 31
EISSN: 0930-5157
ISSN: 1865-8342
Notes: Dieser Beitrag ist mit Zustimmung des Rechteinhabers aufgrund einer (DFG geförderten) Allianz- bzw. Nationallizenz frei zugänglich.
This publication is with permission of the rights owner freely accessible due to an Alliance licence and a national licence (funded by the DFG, German Research Foundation) respectively.
Appears in Collections:Institut für Wirtschaftsinformatik und Quantitative Methoden » Publications

Files in This Item:
File Description SizeFormat 
pik-2012-0005.pdf227.88 kBAdobe PDFThumbnail
View/Open


Items in DepositOnce are protected by copyright, with all rights reserved, unless otherwise indicated.