Introducing GAMfIS: A Generic Attacker Model for Information Security

被引：0

作者：

Fraunholz, Daniel ^{[1
]}

Duque Anton, Simon ^{[1
]}

Schotten, Hans Dieter ^{[1
]}

机构：

[1] German Res Ctr Artificial Intelligence, Intelligent Networks Res Grp, D-67663 Kaiserslautern, Germany

来源：

2017 25TH INTERNATIONAL CONFERENCE ON SOFTWARE, TELECOMMUNICATIONS AND COMPUTER NETWORKS (SOFTCOM) | 2017年

关键词：

D O I：

暂无

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

Since the employment of digital technologies in more and more domains, such as finance, industry, government, health and many more, the amount of data stored digitally has vastly increased. This offers new opportunities to malicious adversaries who, for financial, ethical or political reasons, want to access or modify this data. In order to enable owners of IT-systems to assess threats and risks, we propose an attacker model named GAMfIS that groups types of attackers by their motivations, skills and resources. We compared GAMfIS to existing models, allowing for a comprehensive evaluation. In addition to that, we applied our model to a simplified risk assessment of a current use case to demonstrate the capabilities of GAMfIS. We conclude our work by highlighting the perks of GAMfIS.

引用

页码：393 / 398

页数：6

共 50 条

[31] Do Not Model the Attacker
Meier, Jan
[J]. SECURITY PROTOCOLS XVI, 2011, 6615 : 25 - 35
[32] Incorporating attacker behavior in stochastic models of security
Sallhammar, K
Helvik, BE
Knapskog, SJ
[J]. SAM '05: Proceedings of the 2005 International Conference on Security and Management, 2005, : 79 - 85
[33] Imitative Attacker Deception in Stackelberg Security Games
Nguyen, Thanh
Xu, Haifeng
[J]. PROCEEDINGS OF THE TWENTY-EIGHTH INTERNATIONAL JOINT CONFERENCE ON ARTIFICIAL INTELLIGENCE, 2019, : 528 - 534
[34] Using Discrete Event Simulation to Model Attacker Interactions with Cyber and Physical Security Systems
Perkins, Casey
Muller, George
[J]. COMPLEX ADAPTIVE SYSTEMS, 2015, 2015, 61 : 221 - 226
[35] The security model to combine the corporate and information security
Virtanen, T
[J]. TRUSTED INFORMATION: THE NEW DECADE CHALLENGE, 2001, 65 : 305 - 316
[36] Information security management: An information security retrieval and awareness model for industry
Kritzinger, E.
Smith, E.
[J]. COMPUTERS & SECURITY, 2008, 27 (5-6) : 224 - 231
[37] Information security management model
Cribb, T
Rao, A
[J]. SAM'03: PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON SECURITY AND MANAGEMENT, VOLS 1 AND 2, 2003, : 654 - 657
[38] An information model for security integration
Rasheed, Hassan
Chow, Randy Y. C.
[J]. 11TH IEEE INTERNATIONAL WORKSHOP ON FUTURE TRENDS OF DISTRIBUTED COMPUTING SYSTEMS, PROCEEDINGS, 2007, : 41 - +
[39] Towards a generic model of information and library services in the information age
Brophy, P
[J]. JOURNAL OF DOCUMENTATION, 2000, 56 (02) : 161 - 184
[40] An empirical study on the use of the Generic Security Template for structuring the lessons from information security incidents
He, Ying
Johnson, Chris
Renaud, Karen
Lu, Yu
Jebriel, Salem
[J]. 2014 6TH INTERNATIONAL CONFERENCE ON COMPUTER SCIENCE AND INFORMATION TECHNOLOGY (CSIT), 2014, : 178 - 188

← 1 2 3 4 5 →