As penetration testing frameworks have evolved and have become more complex, the problem of controlling automati-cally the pentesting tool has become an important question. This can be naturally addressed as an attack planning prob-lem. Previous approaches to this problem were based on modeling the actions and assets in the PDDL language, and using off-the-shelf AI tools to generate attack plans. These approaches however are limited. In particular, the plan-ning is classical (the actions are deterministic) and thus not able to handle the uncertainty involved in this form of at-tack planning. We herein contribute a planning model that does capture the uncertainty about the results of the ac-tions, which is modeled as a probability of success...
The last twenty-five years have seen an explosion in the number of networks in the world. With this ...
In network security hardening a network administrator may need to use limited resources (such as hon...
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of mul...
Assessing network security is a complex and difficult task. Attack graphs have been proposed as a to...
In penetration testing (pentesting), network administrators attack their own network to identify and...
Penetration Testing is a methodology for assessing network security, by generating and executing pos...
Penetration Testing is a methodology for assessing network security, by generating and executing pos...
Assessing network security is a complex and difficult task. Attack graphs have been proposed as a to...
Securing the networks of large organizations is technically challenging due to the complex configura...
International audiencePenetration Testing is a methodology for assessing network security, by genera...
With the convergence of IT and OT networks, more opportunities can be found to destroy physical proc...
We report on the results of applying classical planning techniques to the problem of analyzing compu...
tThis study proposes a novel probabilistically timed dynamic model for physical securityattack scena...
Managed security services (MSS) are becoming increasingly popular today. In MSS, enterprises contrac...
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of mul...
The last twenty-five years have seen an explosion in the number of networks in the world. With this ...
In network security hardening a network administrator may need to use limited resources (such as hon...
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of mul...
Assessing network security is a complex and difficult task. Attack graphs have been proposed as a to...
In penetration testing (pentesting), network administrators attack their own network to identify and...
Penetration Testing is a methodology for assessing network security, by generating and executing pos...
Penetration Testing is a methodology for assessing network security, by generating and executing pos...
Assessing network security is a complex and difficult task. Attack graphs have been proposed as a to...
Securing the networks of large organizations is technically challenging due to the complex configura...
International audiencePenetration Testing is a methodology for assessing network security, by genera...
With the convergence of IT and OT networks, more opportunities can be found to destroy physical proc...
We report on the results of applying classical planning techniques to the problem of analyzing compu...
tThis study proposes a novel probabilistically timed dynamic model for physical securityattack scena...
Managed security services (MSS) are becoming increasingly popular today. In MSS, enterprises contrac...
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of mul...
The last twenty-five years have seen an explosion in the number of networks in the world. With this ...
In network security hardening a network administrator may need to use limited resources (such as hon...
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of mul...