A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior
IEEE Transactions on Software Engineering
Experimenting with Quantitative Evaluation Tools for Monitoring Operational Security
IEEE Transactions on Software Engineering
A requires/provides model for computer attacks
Proceedings of the 2000 workshop on New security paradigms
Probability and statistics with reliability, queuing and computer science applications
Probability and statistics with reliability, queuing and computer science applications
Incentive-based modeling and inference of attacker intent, objectives, and strategies
Proceedings of the 10th ACM conference on Computer and communications security
A method for modeling and quantifying the security attributes of intrusion tolerant systems
Performance Evaluation - Dependable systems and networks-performance and dependability symposium (DSN-PDS) 2002: Selected papers
Model-Based Evaluation: From Dependability to Security
IEEE Transactions on Dependable and Secure Computing
Model-Based Validation of an Intrusion-Tolerant Information System
SRDS '04 Proceedings of the 23rd IEEE International Symposium on Reliable Distributed Systems
Security analysis of SITAR intrusion tolerance system
Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security
Attack Plan Recognition and Prediction Using Causal Networks
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Towards an Integrated Conceptual Model of Security and Dependability
ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Value Driven Security Threat Modeling Based on Attack Path Analysis
HICSS '07 Proceedings of the 40th Annual Hawaii International Conference on System Sciences
Estimating a System's Mean Time-to-Compromise
IEEE Security and Privacy
A Vulnerability and Exploit Independent Approach for Attack Path Prediction
CITWORKSHOPS '08 Proceedings of the 2008 IEEE 8th International Conference on Computer and Information Technology Workshops
Risk assessment in practice: A real case study
Computer Communications
An Attack Graph-Based Probabilistic Security Metric
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Vulnerability Modelling for the Analysis of Network Attacks
DEPCOS-RELCOMEX '08 Proceedings of the 2008 Third International Conference on Dependability of Computer Systems DepCoS-RELCOMEX
Transactions on Computational Science IV
On the Operational Security Assurance Evaluation of Networked IT Systems
NEW2AN '09 and ruSMART '09 Proceedings of the 9th International Conference on Smart Spaces and Next Generation Wired/Wireless Networking and Second Conference on Smart Spaces
A Quantitative Study of Two Attacks
Electronic Notes in Theoretical Computer Science (ENTCS)
Cryptography and Network Security: Principles and Practice
Cryptography and Network Security: Principles and Practice
Model-based Security Metrics Using ADversary VIew Security Evaluation (ADVISE)
QEST '11 Proceedings of the 2011 Eighth International Conference on Quantitative Evaluation of SysTems
Attack graph based evaluation of network security
CMS'06 Proceedings of the 10th IFIP TC-6 TC-11 international conference on Communications and Multimedia Security
Hi-index | 0.00 |
To trust a computer system that is supposed to be secure, it is necessary to predict the degree to which the system's security level can be achieved when operating in a specific environment under cyber attacks. In this paper, we propose a state-based stochastic model for obtaining quantitative security metrics representing the level of a system's security. The main focus of the study is on how to model the progression of an attack process over time. The basic assumption of our model is that the time parameter plays the essential role in capturing the nature of an attack process. In practice, the attack process will terminate successfully, possibly after a number of unsuccessful attempts. What is important is, indeed, the estimation of how long it takes to be conducted. The proposed stochastic model is parameterized based on a suitable definition of time distributions describing attacker's actions and system's reactions over time. For this purpose, probability distribution functions are defined and assigned to transitions of the model for characterizing the temporal aspects of the attacker and system behavior. With the definition of the distributions, the stochastic model will be recognized to be a semi-Markov chain. This mathematical model will be analytically solved to calculate the desirable quantitative security metrics, such as mean time to security failure and steady-state security. The proposed method shows a systematic development of the stochastic modeling techniques and concepts, used frequently in the area of dependability evaluation, for attack process modeling. Like any other modeling method, the proposed model is also constructed based on some underlying assumptions, which are specific to the context of security analysis.