利用 FAIR 修正攻击树进行组织网络定量风险评估的综合框架

Frontiers in Computer Science Pub Date : 2024-02-29 DOI:10.3389/fcomp.2024.1304288

Atul Rana, Sachin Gupta, Bhoomi Gupta

{"title":"利用 FAIR 修正攻击树进行组织网络定量风险评估的综合框架","authors":"Atul Rana, Sachin Gupta, Bhoomi Gupta","doi":"10.3389/fcomp.2024.1304288","DOIUrl":null,"url":null,"abstract":"Attack trees are a widely used method for threat modeling and analyzing cyber-attacks in organizational networks. Assessing the risk associated with each individual node of an attack tree is crucial for understanding the overall risk of the attack. This article presents a comparative study of different threat modeling methods and risk assessment approaches in organizational networks. The article also presents a novel comprehensive approach for quantifying risk assessment of organizational networks based on attack trees modified according to the factor analysis of information risk (FAIR) approach. Our results demonstrate the effectiveness of the novel approach in capturing the unique characteristics of different assets and their dependencies in an attack tree, leading to quantitative risk assessment.","PeriodicalId":510141,"journal":{"name":"Frontiers in Computer Science","volume":"2012 9","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-02-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A comprehensive framework for quantitative risk assessment of organizational networks using FAIR-modified attack trees\",\"authors\":\"Atul Rana, Sachin Gupta, Bhoomi Gupta\",\"doi\":\"10.3389/fcomp.2024.1304288\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Attack trees are a widely used method for threat modeling and analyzing cyber-attacks in organizational networks. Assessing the risk associated with each individual node of an attack tree is crucial for understanding the overall risk of the attack. This article presents a comparative study of different threat modeling methods and risk assessment approaches in organizational networks. The article also presents a novel comprehensive approach for quantifying risk assessment of organizational networks based on attack trees modified according to the factor analysis of information risk (FAIR) approach. Our results demonstrate the effectiveness of the novel approach in capturing the unique characteristics of different assets and their dependencies in an attack tree, leading to quantitative risk assessment.\",\"PeriodicalId\":510141,\"journal\":{\"name\":\"Frontiers in Computer Science\",\"volume\":\"2012 9\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-02-29\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Frontiers in Computer Science\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.3389/fcomp.2024.1304288\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Frontiers in Computer Science","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.3389/fcomp.2024.1304288","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

攻击树是一种广泛应用于组织网络威胁建模和网络攻击分析的方法。评估攻击树中每个节点的相关风险对于了解攻击的整体风险至关重要。本文对组织网络中不同的威胁建模方法和风险评估方法进行了比较研究。文章还介绍了一种基于根据信息风险因子分析（FAIR）方法修改的攻击树来量化组织网络风险评估的新型综合方法。我们的研究结果表明，这种新方法能有效捕捉攻击树中不同资产的独特特征及其依赖关系，从而进行量化风险评估。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

A comprehensive framework for quantitative risk assessment of organizational networks using FAIR-modified attack trees

Attack trees are a widely used method for threat modeling and analyzing cyber-attacks in organizational networks. Assessing the risk associated with each individual node of an attack tree is crucial for understanding the overall risk of the attack. This article presents a comparative study of different threat modeling methods and risk assessment approaches in organizational networks. The article also presents a novel comprehensive approach for quantifying risk assessment of organizational networks based on attack trees modified according to the factor analysis of information risk (FAIR) approach. Our results demonstrate the effectiveness of the novel approach in capturing the unique characteristics of different assets and their dependencies in an attack tree, leading to quantitative risk assessment.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Frontiers in Computer Science

自引率

0.00%

发文量

期刊最新文献

Cybersecurity for Industry 5.0: trends and gaps Device-enabled neighborhood-slot allocation for the edge-oriented Internet of Things High-quality implementation for a continuous-in-time financial API in C# Editorial: HCI and worker well-being Extracting typing game keystroke patterns as potential indicators of programming aptitude