A Large-Scale Study of the Time Required to Compromise a Computer System

Holm, Hannes

doi:10.1109/tdsc.2013.21

Cited by 31 publications

(31 citation statements)

References 38 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…the configuration values regarding attacks have been preset. Such quantitative data was collected from various sources including surveys and studies such as (Holm 2014;Jonsson and Olovsson 1997), but also from public vulnerability databases such as the US's National Vulnerability Database (NVD) 3 and China National Vulnerability Database of Information Security (CNNVD) 4 . Therefore, security expertise is not required from users.…”

Section: Reference Model Language and Cyber Security Analysis Toolmentioning

confidence: 99%

Load balancing of renewable energy: a cyber security analysis

et al. 2018

View full text Add to dashboard Cite

Background: In the coming years, the increase of automation in electricity distribution grids, controlled by ICT, will bring major consequences to the cyber security posture of the grids. Automation plays an especially important role in load balancing of renewable energy where distributed generation is balanced to load in a way that the grid stability is ensured. Threats to the load balancing and the smart grid in general arise from the activities of misbehaving or rouge actors in combination with poor design, implementation, or configuration of the system that makes it vulnerable. It is urgent to conduct an in-depth analysis about the feasibility and imminency of these potential threats ahead of a cyber catastrophy. This paper presents a cyber security evaluation of the ICT part of the smart grid with a focus on load balancing of renewable energy. Method: The work builds on a load balancing centered smart grid reference architecture model that is designed as part of the evaluation with the help of SCADA system and smart grid experts. The smart grid load balancing architecture represented by the model is then analyzed using a threat modelling approach that is encapsulated in a tool called securiCAD. Countermeasures are introduced in the model to measure how much each improve the cyber security of the smart grid.

show abstract

Section: Reference Model Language and Cyber Security Analysis Toolmentioning

confidence: 99%

Load balancing of renewable energy: a cyber security analysis

et al. 2018

View full text Add to dashboard Cite

show abstract

“…For instance, the effort required to discover a zero-day vulnerability was measured on a scale of work days [41]. For such data, analysis using the Akaike Information Criterion [42] was conducted to find the distribution best fit for modeling the dataset, with tested distributions selected based on choices and findings from a previous study involving time-to-compromise [43]. If no distribution was well fit, linear interpolation was used to derive a custom CDF.…”

Section: Likelihood Of Successful Attack As a Function Of Time Spent mentioning

confidence: 99%

“…Given this lack of knowledge, a reasonable choice might be to choose the statistical model that is best fit for modeling the time-to-compromise a system in general. For this purpose, we performed an analysis of what distribution that is best fit for modeling the time from installation of a system to compromise [40] of that system (a dataset of all malware incidents over 260,000 computers across three years) [43]. We also performed such distribution fitting for time-to-compromise observations from an international cyber defense exercise involving more than 100 participants [45].…”

Section: Likelihood Of Successful Attack As a Function Of Time Spent mentioning

confidence: 99%

P<inline-formula><tex-math>$^{2}$</tex-math><alternatives> <inline-graphic xlink:type="simple" xlink:href="holm-ieq1-2382574.gif"/></alternatives></inline-formula>CySeMoL: Predictive, Probabilistic Cyber Security Modeling Language

Holm

Shahzad

Buschle

et al. 2015

IEEE Trans. Dependable and Secure Comput.

Self Cite

View full text Add to dashboard Cite

This paper presents the Predictive, Probabilistic Cyber Security Modeling Language (P 2 CySeMoL), an attack graph tool that can be used to estimate the cyber security of enterprise architectures. P 2 CySeMoL includes theory on how attacks and defenses relate quantitatively; thus, users must only model their assets and how these are connected in order to enable calculations. The performance of P 2 CySeMoL enables quick calculations of large object models. It has been validated on both a component level and a system level using literature, domain experts, surveys, observations, experiments and case studies.

show abstract

“…The focus of this work is on intrusion detection with generation of attack dataset using real time traffic and IDS logs by exporting it to outside the victim network. Various approaches discussed for intrusion detection such as mathematical models like chi-square test, Hidden Markov Model based IDS [6]; frameworks discussed like, random forest tree based analysis [7]; architectures like NICE [8], multilevel intrusion detection [9]; methods like multi-variant correlation analysis [10], Poisson distribution [11]. Commencing with the survey, let's take a tour of Digital forensics & its technique's pros and cons first.…”

Section: Related Workmentioning

confidence: 99%

“…For the low cost of an IDS, the parallel string machine scheme is useful to reduce strain on memory in the context of parallel string matching engines [19]. The time factor to compromise the system depends on Poisson process which heavily depends on number of intrusions & system level security on the client as well as server side [11].…”

Section: Related Workmentioning

confidence: 99%

Intrusion Detection by Forensic Method in Private Cloud using Eucalyptus

Patil¹,

Ainapure²

2014

IJCA

View full text Add to dashboard Cite

Cloud computing has become the mature term which has dealt from single user to large enterprises. The private cloud platform building framework Eucalyptus has great pace of development within short span of time. Achieving AWS (Amazon Web Services) compatible features development along with scalability and sustainability has introduced several issues have an adverse effect on the cloud system. In continuing with this, the chances of intrusion also increase evading traditional mechanism of security. Issues have been introduced due to seamless integration of such structure with computing technologies and so on. By taking advantage of such flaws, the Cybercrime is rapidly increasing in this field. The proposed work is regarded with Digital forensics technique and intrusion detection mechanism. In this scope of work, an experimental setup of Eucalyptus with Snort NIDS (Network Intrusion Detection System) to detect attacks using snort rules has been created. The Eucalyptus Cloud components and Snort logs are exported to outside cloud network to rSyslog server which would be later analyzed by the Awstats log analyzer. Accompanied to above, this scope of work also addresses toward the issue of Eucalyptus to export its logs to the remote rSyslog server. This system will definitely help to reduce the strain on the Cloud forensics.

show abstract

A Large-Scale Study of the Time Required to Compromise a Computer System

Cited by 31 publications

References 38 publications

Load balancing of renewable energy: a cyber security analysis

Load balancing of renewable energy: a cyber security analysis

P<inline-formula><tex-math>$^{2}$</tex-math><alternatives> <inline-graphic xlink:type="simple" xlink:href="holm-ieq1-2382574.gif"/></alternatives></inline-formula>CySeMoL: Predictive, Probabilistic Cyber Security Modeling Language

Intrusion Detection by Forensic Method in Private Cloud using Eucalyptus

Contact Info

Product

Resources

About