Hoora Ketabdar, Razieh Rezaee, Abbas Ghaemi-Bafghi, Masoud Khosravi-Farmad
{"title":"Network security risk analysis using attacker's behavioral parameters","authors":"Hoora Ketabdar, Razieh Rezaee, Abbas Ghaemi-Bafghi, Masoud Khosravi-Farmad","doi":"10.1109/ICCKE.2016.7802161","DOIUrl":null,"url":null,"abstract":"Computer networks consist of several assets such as hardware, software, and data sources. These assets have often some vulnerabilities which can be exploited by attackers that violate security policies in the network. Considering the limited budget, the network administrator should analyze and prioritize these vulnerabilities to be able to efficiently protect a network by mitigating the most risky ones. So far, several security parameters are offered to analyze security risks from the network security administrator's perspective. The major drawback of these methods is that they do not consider attacker's motivation. Depending on the motivation of potential attackers, different attack path may be selected for network security compromise. So, attacker's motivation is a key factor in predicting the attacker's behavior. In this paper, the attacker's motivation is considered in the process of security risk analysis, so network administrators are able to analyze security risks more accurately. The proposed method is applied on a network and the results are compared with novel works in this area. The experimental results show that network administrator will be able to precisely predict the behavior of attackers and apply countermeasures more efficiently.","PeriodicalId":205768,"journal":{"name":"2016 6th International Conference on Computer and Knowledge Engineering (ICCKE)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 6th International Conference on Computer and Knowledge Engineering (ICCKE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICCKE.2016.7802161","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
Abstract
Computer networks consist of several assets such as hardware, software, and data sources. These assets have often some vulnerabilities which can be exploited by attackers that violate security policies in the network. Considering the limited budget, the network administrator should analyze and prioritize these vulnerabilities to be able to efficiently protect a network by mitigating the most risky ones. So far, several security parameters are offered to analyze security risks from the network security administrator's perspective. The major drawback of these methods is that they do not consider attacker's motivation. Depending on the motivation of potential attackers, different attack path may be selected for network security compromise. So, attacker's motivation is a key factor in predicting the attacker's behavior. In this paper, the attacker's motivation is considered in the process of security risk analysis, so network administrators are able to analyze security risks more accurately. The proposed method is applied on a network and the results are compared with novel works in this area. The experimental results show that network administrator will be able to precisely predict the behavior of attackers and apply countermeasures more efficiently.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
