Notice of Violation of IEEE Publication PrinciplesA Petri-net model of network security testing

Notice of Violation of IEEE Publication Principles

"A Petri-net Model of Network Security Testing"
by Jun-long Yan, Ming-xin He, Tie-yuan Li
in the 2011 IEEE International Conference on Computer Science and Automation Engineering (CSAE), 2011, pp. 188 – 192

After careful and considered review of the content and authorship of this paper by a duly constituted expert committee, this paper has been found to be in violation of IEEE\´s Publication Principles.

This paper contains significant portions of original text from the paper cited below. The original text was copied with insufficient attribution (including appropriate references to the original author(s) and/or paper title) and without permission.

Due to the nature of this violation, reasonable effort should be made to remove all past references to this paper, and future references should be made to the following article:

"Attack Net Penetration Testing"
by J.P. McDermott
in the Proceedings of the 2000 Workshop on New Security Paradigms (NSPW 2000), 2001, pp. 15 – 21

Given the increasing dependence of our societies on networked information systems, the overall security of these systems should be measured and improved. Existing security metrics have generally focused on measuring individual vulnerabilities without considering their combined effects. In this paper, we proposed a Petri-net based model. It retains key advantages of the flaw hypothesis and attack trees approaches while providing some new benefits. This novel model provides a theoretical foundation and a practical framework for continuously measuring network security in a dynamic environment.