An uncertain graph-based approach for cyber-security risk assessment

Proceedings of the 7th Symposium on Hot Topics in the Science of Security Pub Date : 2020-08-25 DOI:10.1145/3384217.3384221
H. Nguyen
{"title":"An uncertain graph-based approach for cyber-security risk assessment","authors":"H. Nguyen","doi":"10.1145/3384217.3384221","DOIUrl":null,"url":null,"abstract":"We proposed a novel risk assessment approach for quantifying the security risk of lateral movement attacks, in which the attack propagation is modeled as an uncertain graph and the attack impact is a function of the set of compromised devices. We discussed several risk-based security metrics, including the expected loss, survival function, and conditional expectation - the last two measure the low-probability but high-impact events in the right tail of the loss distribution. The model is illustrated with a simple example and several directions for further research are discussed.","PeriodicalId":205173,"journal":{"name":"Proceedings of the 7th Symposium on Hot Topics in the Science of Security","volume":"109 28","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-08-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 7th Symposium on Hot Topics in the Science of Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3384217.3384221","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

We proposed a novel risk assessment approach for quantifying the security risk of lateral movement attacks, in which the attack propagation is modeled as an uncertain graph and the attack impact is a function of the set of compromised devices. We discussed several risk-based security metrics, including the expected loss, survival function, and conditional expectation - the last two measure the low-probability but high-impact events in the right tail of the loss distribution. The model is illustrated with a simple example and several directions for further research are discussed.
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
基于不确定图的网络安全风险评估方法
我们提出了一种新的风险评估方法来量化横向移动攻击的安全风险,该方法将攻击传播建模为不确定图,攻击影响是被入侵设备集合的函数。我们讨论了几个基于风险的安全度量,包括预期损失、生存函数和条件期望——后两个度量损失分布右尾部的低概率但高影响的事件。通过一个简单的例子说明了该模型,并讨论了进一步研究的几个方向。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
Proceedings of the 7th Symposium on Hot Topics in the Science of Security
Proceedings of the 7th Symposium on Hot Topics in the Science of Security
自引率
0.00%
发文量
0
期刊最新文献
Vulnerability trends in web servers and browsers Using Intel SGX to improve private neural network training and inference Simulation testbed for railway infrastructure security and resilience evaluation The more the merrier: adding hidden measurements to secure industrial control systems A raspberry Pi sensor network for wildlife conservation
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1