Assessing Security Risk to a Network Using a Statistical Model of Attacker Community Competence
Number of Authors: 1
2009 (English)Conference paper (Refereed)
We propose a novel approach for statistical risk modeling of network attacks that lets an operator perform risk analysis using a data model and an impact model on top of an attack graph in combination with a statistical model of the attacker community exploitation skill. The data model describes how data flows between nodes in the network -- how it is copied and processed by softwares and hosts -- while the impact model models how exploitation of vulnerabilities affects the data flows with respect to the confidentiality, integrity and availability of the data. In addition, by assigning a loss value to a compromised data set, we can estimate the cost of a successful attack. The statistical model lets us incorporate real-time monitor data from a honeypot in the risk calculation. The exploitation skill distribution is inferred by first classifying each vulnerability into a required exploitation skill-level category, then mapping each skill-level into a distribution over the required exploitation skill, and last applying Bayesian inference over the attack data. The final security risk is thereafter computed by marginalizing over the exploitation skill.
Place, publisher, year, edition, pages
2009, 6. , 17 p.
Intrusion detection, Risk analysis, Network security, Security metrics
Computer and Information Science
IdentifiersURN: urn:nbn:se:ri:diva-23660OAI: oai:DiVA.org:ri-23660DiVA: diva2:1042737
Eleventh International Conference on Information and Communications Security (ICICS 2009)
The original publication is available at www.springerlink.com.2016-10-312016-10-31Bibliographically approved