We propose a novel approach for statistical risk modeling of network attacks that lets an operator perform risk analysis using a data model and an impact model on top of an attack graph, in combination with a statistical model of the attacker community's exploitation skill. The data model describes how data flows between nodes in the network – how it is copied and processed by software and hosts – while the impact model describes how exploitation of vulnerabilities affects the data flows with respect to the confidentiality, integrity and availability of the data. In addition, by assigning a loss value to a compromised data set, we can estimate the cost of a successful attack. The statistical model lets us incorporate real-time monitoring data from a honeypot in the risk calculation. The exploitation skill distribution is inferred by first classifying each vulnerability into a required exploitation skill-level category, then mapping each skill level into a distribution over the required exploitation skill, and finally applying Bayesian inference over the attack data. The final security risk is then computed by marginalizing over the exploitation skill.
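The inference and marginalization steps described above, as an added illustration that is not taken from the paper. The discretized skill grid, the uniform required-skill range per category, the honeypot observation format and the two attack paths are assumptions constructed for this example.

```python
# Added illustration: grid, category ranges, honeypot log and paths are constructed.
from math import prod

GRID = [i / 20 for i in range(21)]  # discretised attacker skill in [0, 1]

# Assumed mapping: skill-level category -> (lo, hi) of a uniform
# distribution over the skill required to exploit the vulnerability.
REQUIRED = {"low": (0.0, 0.4), "medium": (0.3, 0.7), "high": (0.6, 1.0)}

def p_exploit(category, skill):
    """P(required skill <= attacker skill), the CDF of the category's range."""
    lo, hi = REQUIRED[category]
    return min(1.0, max(0.0, (skill - lo) / (hi - lo)))

def posterior(observations, prior=None):
    """Bayes update over GRID from honeypot observations (category, succeeded)."""
    prior = prior or [1 / len(GRID)] * len(GRID)
    weights = []
    for s, p in zip(GRID, prior):
        like = prod(p_exploit(c, s) if ok else 1 - p_exploit(c, s)
                    for c, ok in observations)
        weights.append(p * like)
    total = sum(weights)
    if total == 0:
        raise ValueError("observations are impossible under the model")
    return [w / total for w in weights]

def expected_loss(paths, post):
    """Marginalise: sum_s P(s | data) * sum_paths loss * P(path succeeds | s)."""
    return sum(
        p_s * sum(loss * prod(p_exploit(c, s) for c in steps)
                  for steps, loss in paths)
        for s, p_s in zip(GRID, post)
    )

# Constructed honeypot log: (category of the vulnerability attacked, succeeded).
HONEYPOT = [("low", True), ("low", True), ("medium", True),
            ("medium", False), ("high", False)]
# Constructed attack paths: (categories along the path, loss for the data set).
PATHS = [(["low", "medium"], 10_000), (["low", "high"], 50_000)]

if __name__ == "__main__":
    flat = [1 / len(GRID)] * len(GRID)
    post = posterior(HONEYPOT)
    print("posterior mean skill:", round(sum(s * p for s, p in zip(GRID, post)), 3))
    print("risk, flat prior:    ", round(expected_loss(PATHS, flat), 2))
    print("risk, honeypot data: ", round(expected_loss(PATHS, post), 2))
```

Each path is treated as reaching a distinct data set, so the per-path losses add; a real attack graph with shared nodes would need the joint compromise probability instead.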