Quantitative Information Security Risk Estimation Using Probabilistic Attack Graphs

Cited by: 3
Authors
Johnson, Pontus [1]
Vernotte, Alexandre [1]
Gorton, Dan [2]
Ekstedt, Mathias [1]
Lagerstrom, Robert [1]
Affiliations
[1] KTH Royal Inst Technol, Stockholm, Sweden
[2] Foreseeti AB, Stockholm, Sweden
Keywords
Quantitative risk analysis; Attack graphs; Threat modeling; Network security; Information security; NETWORKS;
DOI
10.1007/978-3-319-57858-3_4
Chinese Library Classification number
TP301 [Theory, methods];
Discipline classification code
081202;
Abstract
This paper proposes an approach, called pwnPr3d, for quantitatively estimating information security risk in ICT systems. Unlike many other risk analysis approaches that rely heavily on manual work and security expertise, this approach comes with built-in security risk analysis capabilities. pwnPr3d combines a network architecture modeling language and a probabilistic inference engine to automatically generate an attack graph, making it possible to identify threats along with the likelihood of these threats exploiting a vulnerability. After defining the value of information assets to their organization with regards to confidentiality, integrity and availability breaches, pwnPr3d allows users to automatically quantify information security risk over time, depending on the possible progression of the attacker. As a result, pwnPr3d provides stakeholders in organizations with a holistic approach that both allows high-level overview and technical details.
Pages: 37 / 52
Number of pages: 16
Related papers
50 in total
  • [1] Exploring Attack Graphs for Security Risk Assessment: A Probabilistic Approach
    GAO Ni
    HE Yiyue
    [J]. Wuhan University Journal of Natural Sciences, 2018, 23 (02) : 171 - 177
  • [2] Security Countermeasures Selection Using the Meta Attack Language and Probabilistic Attack Graphs
    Widel, Wojciech
    Mukherjee, Preetam
    Ekstedt, Mathias
    [J]. IEEE ACCESS, 2022, 10 : 89645 - 89662
  • [3] Measuring Security Risk of Networks Using Attack Graphs
    Noel, Steven
    Jajodia, Sushil
    Wang, Lingyu
    Singhal, Anoop
    [J]. INTERNATIONAL JOURNAL OF NEXT-GENERATION COMPUTING, 2010, 1 (01) : 113 - 123
  • [4] Dynamic Security Risk Management Using Bayesian Attack Graphs
    Poolsappasit, Nayot
    Dewri, Rinku
    Ray, Indrajit
    [J]. IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2012, 9 (01) : 61 - 74
  • [5] Measuring Security Risk of Networks Using Attack Graphs: A Critique
    Goubanova, Svetlana
    [J]. INTERNATIONAL JOURNAL OF NEXT-GENERATION COMPUTING, 2011, 2 (01) : I - iii
  • [6] Enhancement of Probabilistic Attack Graphs for Accurate Cyber Security Monitoring
    Doynikova, Elena
    Kotenko, Igor
    [J]. 2017 IEEE SMARTWORLD, UBIQUITOUS INTELLIGENCE & COMPUTING, ADVANCED & TRUSTED COMPUTED, SCALABLE COMPUTING & COMMUNICATIONS, CLOUD & BIG DATA COMPUTING, INTERNET OF PEOPLE AND SMART CITY INNOVATION (SMARTWORLD/SCALCOM/UIC/ATC/CBDCOM/IOP/SCI), 2017,
  • [7] Research on Network Security Quantitative Model Based on Probabilistic Attack Graph
    Cui, Yimin
    Li, Junmei
    Zhao, Wei
    Luan, Cheng
    [J]. AMCSE 2018 - INTERNATIONAL CONFERENCE ON APPLIED MATHEMATICS, COMPUTATIONAL SCIENCE AND SYSTEMS ENGINEERING, 2019, 24
  • [8] CVSS-based Security Metrics for Quantitative Analysis Of Attack Graphs
    Keramati, Matjan
    Akbari, Ahmad
    Keramati, Mahsa
    [J]. PROCEEDINGS OF THE 3RD INTERNATIONAL CONFERENCE ON COMPUTER AND KNOWLEDGE ENGINEERING (ICCKE 2013), 2013, : 178 - 183
  • [9] Patching Security Vulnerabilities Using Stackelberg Security Games on Attack Graphs
    Wachter, Jasmin
    [J]. FRONTIERS OF ARTIFICIAL INTELLIGENCE, ETHICS, AND MULTIDISCIPLINARY APPLICATIONS, FAIEMA 2023, 2024, : 83 - 98
  • [10] Evaluation of SOA security metrics using attack graphs
    Magott, Jan
    Woda, Marek
    [J]. DEPCOS - RELCOMEX 2008: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON DEPENDABILITY OF COMPUTER SYSTEMS, 2008, : 277 - 284