
Latest publications from the 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS)

Game theory-based defense mechanisms against DDoS attacks on TCP/TCP-friendly flows
Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949407
H. Bedi, Sankardas Roy, S. Shiva
While there are significant advances in information technology and infrastructure which offer new opportunities, cyberspace is still far from completely secured. In many cases, the employed security solutions are ad hoc and lack a quantitative decision framework. To this end, game theory poses huge potential in building a defense architecture based on a solid analytical setting. In this paper, we explore the applicability of game theoretic approaches to the cyber security problem while keeping the focus on active bandwidth depletion attacks on TCP/TCP-friendly flows. We model the interaction between the attacker and the defender as a game in two attack scenarios: (i) one single attacking node for Denial of Service (DoS) and (ii) multiple attacking nodes for Distributed DoS (DDoS). The defender's challenge is to determine optimal firewall settings to block rogue traffic while allowing legitimate ones. Our analysis considers the worst-case scenario where the attacker also attempts to find the most effective sending rate or botnet size. In either case, we build a static game model to compute the Nash equilibrium that represents the best strategy for the defender. We validate the effectiveness of our game theoretic defense mechanisms via extensive simulation.
Citations: 43
Biodiversity: A security approach for ad hoc networks
Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949388
Jennifer T. Jackson, S. Creese, M. Leeson
Maintaining an adequate level of security in computer networks is a co-evolving process between improved security techniques and ever more sophisticated attack methods. Our appetite for new technologies shows no abating, evidenced most recently by the smartphone market. Malware continues to be a growing problem and saturation times are becoming so rapid that a continued reliance on signature based protection is becoming impractical as a strategy. We urgently require techniques which enable us to adapt to, and be tolerant of, malicious activity, even if it is an entirely new form of attack, to achieve resilience where otherwise our security fails. Ecology research has found that the impact of disturbances to a community, such as the spread of certain types of viruses, can be reduced by a greater level of biodiversity. There are similarities between dynamic ad hoc networks and natural communities due to their movement and short range communication patterns. We explore here whether biodiversity might offer a security strategy for ad hoc networks.
Citations: 2
Large in-memory cyber-physical security-related analytics via scalable coherent shared memory architectures
Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949414
John R. Williams, Sergio Herrero, Christopher Leonardi, Steve Chan, Abel Sanchez, Z. Aung
Cyber-physical security-related queries and analytics run on traditional relational databases can take many hours to return. Furthermore, programming analytics on distributed databases requires great skill, and there is a shortage of such talent worldwide. In this talk on computational intelligence within cyber security, we will review developments of processing large datasets in-memory using a coherent shared memory approach. The coherent shared memory approach allows programmers to view a cluster of servers as a system with a single large RAM. By hiding the actual system architecture under a software layer, we proffer a more intuitive programming model. Furthermore, the design of applications is “timeless” since hardware upgrades require no changes to the software. The advantages of shared memory are countered by some disadvantages in that race conditions can occur; however, in many of these cases, we can provide models that protect us against such problems. Exemplars include sensemaking of Twitter feeds, the processing of Smart Meter datasets, and the large scale simulation of the caching of files at disparate points around the globe.
Citations: 1
Intelligence, not integration: Distributed regret minimization for IDS Control
Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949406
M. Rehák, Jan Stiborek, Martin Grill
We present an empirical study of a regret minimization procedure used in a distributed Intrusion Detection System (IDS) to independently adapt the self-contained components of the system without any explicit coordination. We show that regret minimization methods can be used to build survivable distributed security systems that communicate only through standard data-transfer protocols (NetFlow, selective traffic mirroring or alerts) and do not need to rely on the explicit communication required by more elaborate coordination protocols. The intended impact is dramatically easier integration, maintenance and repair of IDS systems, with only a small impact on system characteristics.
Citations: 0
Genetic optimization and hierarchical clustering applied to encrypted traffic identification
Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949391
C. Bacquet, A. N. Zincir-Heywood, M. Heywood
An important part of network management requires the accurate identification and classification of network traffic for decisions regarding bandwidth management, quality of service, and security. This work explores the use of a Multi-Objective Genetic Algorithm (MOGA) for both feature selection and cluster count optimization for an unsupervised machine learning technique, K-Means, applied to encrypted traffic identification. Specifically, a hierarchical K-Means algorithm is employed, and its performance under the MOGA is compared with that of a non-hierarchical (flat) K-Means algorithm. The latter has already been benchmarked against common unsupervised techniques found in the literature, where results have favored the proposed MOGA. The purpose of this paper is to explore the gains, if any, obtained by increasing cluster purity in the proposed model by means of a second layer of clusters. In this work, SSH is chosen as an example of an encrypted application. However, nothing prevents the proposed model from working with other types of encrypted traffic, such as SSL or Skype. Results show that with the hierarchical MOGA, significant gains are observed in terms of the classification performance of the system.
Citations: 31
Phishing detection using stochastic learning-based weak estimators
Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949409
J. Zhan, Lijo Thomas
Phishing attacks have been a serious concern for online banking and e-commerce websites. This paper proposes a method to detect and filter phishing emails in a dynamic environment by applying a family of weak estimators. Anomaly detection identifies observations that deviate from the normal behavior of a system and is achieved by identifying the phenomena that characterize the “normal” observation. New observations are classified as either normal or abnormal based on the characteristics of the data learnt. Most anomaly detection work assumes that the underlying distributions of observations are stationary, an assumption that holds for many applications. However, some detection problems occur within environments that are non-stationary. A good example is identifying anomalous temperature patterns in meteorology while taking into account the seasonal changes of normal observations. It is necessary that anomalous observations are identified even under such changes, or that the detector acquires the ability to adapt to the variations in non-stationary environments. Our experimental results show the feasibility and effectiveness of our approach.
Citations: 16
Design considerations for a case-based reasoning engine for scenario-based cyber incident notification
Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949397
Stephen M. Woskov, M. Grimaila, R. Mills, M. Haas
Virtually all modern organizations have embedded information systems into their core business processes as a means to increase operational efficiency, improve decision making quality, and minimize costs. Unfortunately, this dependence can place an organization's mission at risk if the confidentiality, integrity, or availability of a critical information resource has been lost or degraded. Within the military, this type of incident could ultimately result in serious consequences including physical destruction and loss of life. To reduce the likelihood of this outcome, personnel must be informed about cyber incidents, and their potential consequences, in a timely and relevant manner so that appropriate contingency actions can be taken. In this paper, we identify criteria for improving the relevance of incident notification, propose the use of case-based reasoning (CBR) for contingency decision support, and identify key design considerations for implementing a CBR system used to deliver relevant notification following a cyber incident.
Citations: 4
A Hybrid of the prefix algorithm and the q-hidden algorithm for generating single negative databases
Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949400
Ran Liu, Wenjian Luo, Xufa Wang
The negative database (NDB) is a complement of the corresponding database. The NDB can protect the privacy of the data, but it should be complete and hard to reverse. However, existing techniques cannot generate a negative database that is both complete and hard to reverse. In this paper, a hybrid method is proposed to generate single negative databases. The proposed hybrid method includes two phases. First, a complete negative database of small size is generated by the transformation of the prefix algorithm. Second, a hard-to-reverse negative database, generated with the q-hidden method, is added to the small complete negative database. Therefore, the hybrid negative database is both complete and hard to reverse. Experimental results show that the NDB generated by the hybrid method is better than the NDB generated by the typical q-hidden method. In particular, the NDB generated by the q-hidden method can be reversed on average when the string length is 300. However, the NDB generated by the hybrid method cannot be reversed on average when the string length is 150.
Citations: 12
Modeling cyber conflicts using an extended Petri Net formalism
Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949385
A. Zakrzewska, Erik M. Ferragut
When threatened by automated attacks, critical systems that require human-controlled responses have difficulty making optimal responses and adapting protections in real-time and may therefore be overwhelmed. Consequently, experts have called for the development of automatic real-time reaction capabilities. However, a technical gap exists in the modeling and analysis of cyber conflicts to automatically understand the repercussions of responses. There is a need for modeling cyber assets that accounts for concurrent behavior, incomplete information, and payoff functions.
Citations: 23
Addressing the need for independence in the CSE model
Pub Date : 2011-04-11 DOI: 10.1109/CICYBS.2011.5949395
R. Abercrombie, Erik M. Ferragut, Frederick T. Sheldon, M. Grimaila
Information system security risk, defined as the product of the monetary losses associated with security incidents and the probability that they occur, is a suitable decision criterion when considering different information system architectures. Risk assessment is the widely accepted process used to understand, quantify, and document the effects of undesirable events on organizational objectives so that risk management, continuity of operations planning, and contingency planning can be performed. One technique, the Cyberspace Security Econometrics System (CSES), is a methodology for estimating security costs to stakeholders as a function of possible risk postures. In earlier works, we presented a computational infrastructure that allows an analyst to estimate the security of a system in terms of the loss that each stakeholder stands to sustain, as a result of security breakdowns. Additional work has applied CSES to specific business cases. The current state-of-the-art of CSES addresses independent events. In typical usage, analysts create matrices that capture their expert opinion, and then use those matrices to quantify costs to stakeholders. This expansion generalizes CSES to the common real-world case where events may be dependent.
Citations: 6
Journal
2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS)