A Novel Security Risk Evaluation for Information Systems

  • Authors:
  • Zaobin Gan; Jiufei Tang; Ping Wu; Vijay Varadharajan

  • Venue:
  • FCST '07 Proceedings of the 2007 Japan-China Joint Workshop on Frontier of Computer Science and Technology
  • Year:
  • 2007

Abstract

Quantitative security risk evaluation of information systems is drawing increasing attention. This paper extends the attack tree model and proposes a new quantitative risk evaluation method. Multi-attribute utility theory is adopted when quantifying the risk value of a leaf node (atomic attack). Algorithms are presented for each step of the new evaluation method. In addition, a worked example is carried out in this paper. The experimental result shows that the novel method can not only make the evaluation result more reasonable and objective, but also offer a good foundation for the implementation of an automatic evaluation tool.