Security event correlation approaches are necessary to detect and predict incremental
threats such as multi-step or targeted attacks (advanced persistent threats) and other causal …

Cyber situational awareness is an essential part of cyber defense that allows the
cybersecurity operators to cope with the complexity of today's networks and threat …

We study the problem of allocating limited security countermeasures to protect network data
from cyber-attacks, for scenarios modeled by Bayesian attack graphs. We consider multi …

Vulnerability analysis has long been used to evaluate the security posture of a system.
Different approaches, including vulnerability graphs and various vulnerability metrics, have …

Connecting critical infrastructure assets to the network is absolutely essential for modern
industries. In contrast to the apparent advantages, network connectivity exposes other …

For more than a decade, the notion of attack surface has been used to define the set of
vulnerable assets that an adversary may exploit to penetrate a system, and various metrics …

Embodiments provide a system and method for constructing a graph-based model for
optimizing the security posture of a composed system. During operation, the system …

Addressing security misconfiguration in complex distributed systems, such as networked
Industrial Control Systems (ICS) and Internet of Things (IoT) is challenging. Owners and …

Current approaches to estimate the risk of compromise are based on either historical data or
pure technical assessments, such as the number and severity of vulnerabilities in the target …

We investigate the extent to which redundancy (including with diversity) can help mitigate
the impact of cyber attacks that aim to reduce system performance. Using analytical …