论文信息 - Cybersecurity: A Statistical Predictive Model for the Expected Path Length

Cybersecurity: A Statistical Predictive Model for the Expected Path Length

The object of this study is to propose a statistical model for predicting the Expected Path Length (expected number of steps the attacker will take, starting from the initial state to compromise the security goal—EPL) in a cyber-attack. The model we developed is based on utilizing vulnerability information along with having host centric attack graph. Utilizing the developed model, one can identify the interaction among the vulnerabilities and individual variables (risk factors) that drive the Expected Path Length. Gaining a better understanding of the relationship between vulnerabilities and their interactions can provide security administrators a better view and an understanding of their security status. In addition, we have also ranked the attributable variables and their contribution in estimating the subject length. Thus, one can utilize the ranking process to take precautions and actions to minimize Expected Path Length.

Pubudu Kalpani Kaluarachchi | Chris P. Tsokos | Sasith M. Rajasooriya | C. Tsokos

[1] Gregory F. Lawler. Introduction to Stochastic Processes , 1995 .

[2] Tim Bass,et al. Intrusion detection systems and multisensor data fusion , 2000, CACM.

[3] Sushil Jajodia,et al. Multiple coordinated views for network attack graphs , 2005, IEEE Workshop on Visualization for Computer Security, 2005. (VizSEC 05)..

[4] Karen Scarfone,et al. Common Vulnerability Scoring System , 2006, IEEE Security & Privacy.

[5] Edmund M. Clarke,et al. Ranking Attack Graphs , 2006, RAID.

[6] Indrajit Ray,et al. Measuring, analyzing and predicting security vulnerabilities in software systems , 2007, Comput. Secur..

[7] Sushil Jajodia,et al. Measuring the Overall Security of Network Configurations Using Attack Graphs , 2007, DBSec.

[8] Sushil Jajodia,et al. An Attack Graph-Based Probabilistic Security Metric , 2008, DBSec.

[9] Stefan Frei,et al. Security econometrics: The dynamics of (in)security , 2009 .

[10] Sushil Jajodia,et al. Advanced Cyber Attack Modeling Analysis and Visualization , 2010 .

[11] Phongphun Kijsanayothin. Network security modeling with intelligent and complexity analysis , 2010 .

[12] Suku Nair,et al. Cyber Security Analytics: A Stochastic Model for Security Quantification Using Absorbing Markov Chains , 2014 .