Risk Propagation Analysis and Visualization using Percolation Theory

This article presents a percolation-based approach for the analysis of risk propagation, using malware spreading as a showcase example. Conventional risk management is often driven by human (subjective) assessment of how one risk influences the other, respectively, how security incidents can affect subsequent problems in interconnected (sub)systems of an infrastructure. Using percolation theory, a well-established methodology in the fields of epidemiology and disease spreading, a simple simulation-based method is described to assess risk propagation system-atically. This simulation is formally analyzed using percolation theory, to obtain closed form criteria that help predicting a pandemic incident propagation (or a propagation with average-case bounded implications). The method is designed as a security decision support tool, e.g., to be used in security operation centers. For that matter, a flexible visualization technique is devised, which is naturally induced by the percolation model and the simulation algorithm that derives from it. The main output of the model is a graphical visualization of the infrastructure (physical or logical topology). This representation uses color codes to indicate the likelihood of problems to arise from a security incident that initially occurs at a given point in the system. Large likelihoods for problems thus indicate “hotspots”, where additional action should be taken.

[1]  M. Newman,et al.  Random graphs with arbitrary degree distributions and their applications. , 2000, Physical review. E, Statistical, nonlinear, and soft matter physics.

[2]  Cohen,et al.  Resilience of the internet to random breakdowns , 2000, Physical review letters.

[3]  Mark E. J. Newman,et al.  Competing epidemics on complex networks , 2011, Physical review. E, Statistical, nonlinear, and soft matter physics.

[4]  D. J. Bailey,et al.  Percolation-based risk index for pathogen invasion: application to soilborne disease in propagation systems. , 2013, Phytopathology.

[5]  Stamatis Karnouskos,et al.  Stuxnet worm impact on industrial cyber-physical system security , 2011, IECON 2011 - 37th Annual Conference of the IEEE Industrial Electronics Society.

[6]  D S Callaway,et al.  Network robustness and fragility: percolation on random graphs. , 2000, Physical review letters.

[7]  Paul Erdös,et al.  On random graphs, I , 1959 .

[8]  L. Sander,et al.  Percolation on heterogeneous networks as a model for epidemics. , 2002, Mathematical biosciences.

[9]  Gustavo Manso,et al.  Information Percolation in Segmented Markets , 2011, J. Econ. Theory.

[10]  Gustavo Manso,et al.  National Centre of Competence in Research Financial Valuation and Risk Management Working Paper No . 514 Information Percolation with Equilibrium Search Dynamics , 2009 .

[11]  Antonio Scarfò,et al.  New Security Perspectives around BYOD , 2012, 2012 Seventh International Conference on Broadband, Wireless Computing, Communication and Applications.

[12]  Troy Tassier The Economics of Epidemiology , 2013 .

[13]  Reuven Cohen,et al.  Percolation critical exponents in scale-free networks. , 2002, Physical review. E, Statistical, nonlinear, and soft matter physics.

[14]  N. Pletneva COMMENTARY ON THE INTERNATIONAL STANDARD ISO 31000–2009 “RISK MANAGEMENT. PRINCIPLES AND GUIDELINES” , 2014 .

[15]  B. Clinton,et al.  Executive Order 13010: Critical Infrastructure Protection , 1996 .

[16]  Milos Manic,et al.  CIMS: A Framework for Infrastructure Interdependency Modeling and Analysis , 2006, Proceedings of the 2006 Winter Simulation Conference.

[17]  Joel C. Miller Bounding the Size and Probability of Epidemics on Networks , 2008, Journal of Applied Probability.

[18]  O Diekmann,et al.  The construction of next-generation matrices for compartmental epidemic models , 2010, Journal of The Royal Society Interface.

[19]  J. Robins,et al.  Second look at the spread of epidemics on networks. , 2006, Physical review. E, Statistical, nonlinear, and soft matter physics.

[20]  James P. Peerenboom,et al.  Identifying, understanding, and analyzing critical infrastructure interdependencies , 2001 .

[21]  M. Newman,et al.  Interacting Epidemics and Coinfection on Contact Networks , 2013, PloS one.

[22]  A. Barabasi,et al.  Percolation in directed scale-free networks. , 2002, Physical review. E, Statistical, nonlinear, and soft matter physics.

[23]  M. Newman Spread of epidemic disease on networks. , 2002, Physical review. E, Statistical, nonlinear, and soft matter physics.

[24]  Bill Morrow,et al.  BYOD security challenges: control and protect your most sensitive data , 2012, Netw. Secur..

[25]  Gordon Thomson BYOD: enabling the chaos , 2012, Netw. Secur..

[26]  Marcel Salathé,et al.  Dynamics and Control of Diseases in Networks with Community Structure , 2010, PLoS Comput. Biol..

[27]  M E J Newman,et al.  Predicting epidemics on directed contact networks. , 2006, Journal of theoretical biology.