In this paper we use defense trees, an extension of attack trees with countermeasures, to represent attack scenarios, and game theory to identify the most promising actions for the attacker and the defender. On one side, the attacker wants to break the system with as little effort as possible; on the other side, the defender wants to protect it at minimum cost. As utility functions for the attacker and the defender we consider economic indexes such as the Return on Investment (ROI) and the Return on Attack (ROA). We show how our approach can be used to evaluate the effectiveness and economic profitability of countermeasures as well as their deterrent effect on attackers, thus providing decision makers with a useful tool for better evaluating IT security investments during the risk management process.