Incorporating attacker behavior in stochastic models of security

被引：0

作者：

Sallhammar, K ^{[1
]}

Helvik, BE ^{[1
]}

Knapskog, SJ ^{[1
]}

机构：

[1] Norwegian Univ Sci & Technol, Ctr Quantifiable Qual, Serv Commun Syst, N-7034 Trondheim, Norway

来源：

SAM '05: Proceedings of the 2005 International Conference on Security and Management | 2005年

关键词：

quantitative security; stochastic modelling; attacker behavior; game theory;

D O I：

暂无

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 ;

摘要：

We describe a game-theoretic method to compute the probabilities of expected attacker behavior and we demonstrate how these probabilities can be incorporated in the transition rate matrix of a stochastic model for operational security, assessment. The game- theoretic method is based on a reward concept, which considers the effect of successful attacks, as well as the possible cost of detection when computing the expected attacker strategy. Our method aims to fill an important gap in the application of reliability, methodology to security evaluation. To demonstrate the Usability of the method in different threat environments, an illustrative example is provided.

引用

页码：79 / 85

页数：7

共 50 条

[1] From Attacker Models to Reliable Security
Mantel, Heiko
[J]. PROCEEDINGS OF THE 2019 ACM ASIA CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY (ASIACCS '19), 2019, : 547 - 547
[2] Software Security: Vulnerabilities and Countermeasures for Two Attacker Models
Piessens, Frank
Verbauwhede, Ingrid
[J]. PROCEEDINGS OF THE 2016 DESIGN, AUTOMATION & TEST IN EUROPE CONFERENCE & EXHIBITION (DATE), 2016, : 990 - 999
[3] Adaptable Authentication Model: Exploring Security with Weaker Attacker Models
Ahmed, Naveed
Jensen, Christian D.
[J]. ENGINEERING SECURE SOFTWARE AND SYSTEMS, 2011, 6542 : 234 - 247
[4] A quantitative model of the security intrusion process based on attacker behavior
Jonsson, E
Olovsson, T
[J]. IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, 1997, 23 (04) : 235 - 245
[5] Decoding the Imitation Security Game: Handling Attacker Imitative Behavior Deception
Nguyen, Thanh H.
Nam Vu
Yadav, Amulya
Uy Nguyen
[J]. ECAI 2020: 24TH EUROPEAN CONFERENCE ON ARTIFICIAL INTELLIGENCE, 2020, 325 : 179 - 186
[6] Security Markets: Stochastic Models
Dybvig, Philip H.
[J]. REVIEW OF FINANCIAL STUDIES, 1988, 1 (03): : 329 - 330
[7] Integrating attacker behavior in IT security analysis: a discrete-event simulation approach
Ekelhart, Andreas
Kiesling, Elmar
Grill, Bernhard
Strauss, Christine
Stummer, Christian
[J]. INFORMATION TECHNOLOGY & MANAGEMENT, 2015, 16 (03): : 221 - 233
[8] Attacker Behavior-Based Metric for Security Monitoring Applied to Darknet Analysis
Evrard, Laurent
Francois, Jerome
Colin, Jean-Noel
[J]. 2019 IFIP/IEEE SYMPOSIUM ON INTEGRATED NETWORK AND SERVICE MANAGEMENT (IM), 2019, : 89 - 97
[9] Processes of educational informatics incorporating stochastic models
Artikis, Constantinos T.
Artikis, Panagiotis T.
[J]. JOURNAL OF INTERDISCIPLINARY MATHEMATICS, 2009, 12 (04) : 553 - 564
[10] Incorporating attacker capabilities in risk estimation and mitigation
ben Othmane, Lotfi
Ranchal, Rohit
Fernando, Ruchith
Bhargava, Bharat
Bodden, Eric
[J]. COMPUTERS & SECURITY, 2015, 51 : 41 - 61

← 1 2 3 4 5 →