Risk-based systems security engineering: stopping attacks with intention

Evans, Suzanne B.; Heinbuch, D.V.; Kyle, E.M.; Piorkowski, John; Wallner, J.

doi:10.1109/msp.2004.109

Cited by 44 publications

(21 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Nevertheless, if quantitative methods cannot play the same pivotal role in security as in the safety area, they already provide a helpful tool for the security analyst and have found their place in different risk assessment methodologies (cf. [50,51] for attack trees).…”

Section: B General Limits and The Way Forwardmentioning

confidence: 99%

Modeling safety and security interdependencies with BDMP (Boolean logic Driven Markov Processes)

Piètre-Cambacédès

Bouissou

2010

2010 IEEE International Conference on Systems, Man and Cybernetics

View full text Add to dashboard Cite

Safety and security issues are increasingly converging on the same critical systems, leading to new situations in which these closely interdependent notions should now be considered together. Indeed, the related requirements, technical and organizational measures can have various interactions and side-effects ranging from mutual reinforcements to complete antagonisms. A better characterization of these inter dependencies is needed to ensure a controlled level of risk for the systems concerned by such a convergence. This paper describes the state of the art on this open issue and presents a new approach based on BDMP (Boolean logic Driven Markov Processes), allowing graphical modeling and advanced characterization of safety and security interdependencies. A simple use-case is used through diverse modeling variants, illustrating the capabilities, the contributions but also the limits with respect to other works dealing with safety and security interdependencies. We believe the proposed approach constitutes an original and valuable tool which could find its place in the on going research aiming at tackling this open and challenging task.

show abstract

Section: B General Limits and The Way Forwardmentioning

confidence: 99%

Modeling safety and security interdependencies with BDMP (Boolean logic Driven Markov Processes)

Piètre-Cambacédès

Bouissou

2010

2010 IEEE International Conference on Systems, Man and Cybernetics

View full text Add to dashboard Cite

show abstract

“…BLADE IDS Informer [8] is used to send various attack packets to other hosts so that Snort can monitor different kinds of warning events. These warning events are correlated to generate different warning sequences which are used to train hidden Markov models.…”

Section: B Initializing and Training Of Hidden Markov Modelsmentioning

confidence: 99%

A novel hidden Markov model for detecting complicate network attacks

Shi

Xia

2010

2010 IEEE International Conference on Wireless Communications, Networking and Information Security

View full text Add to dashboard Cite

It is difficult to detect complicate network attacks effectively nowadays. To detect these attacks the inherent characteristics of complicate network attacks are analyzed in detail. A novel hidden Markov model is proposed. The model is composed of several different monitors. In order to simplify the training procedure of the model and to improve its response performance warning events are classified into different types at first. Then the sequences of warning event types from different network monitors are correlated and their inherent relationship is mined so as to detect the type of complicate network attacks and to forecast their threat degree to the system. The experimental results show that the proposed model could recognize complicate network attacks effectively.Keywords-network; network attacks; hidden Markov model; intrusion detection I.

show abstract

“…Traditional risk assessment analyzes attack impact and likelihood of occurrence [2] [3][4] [5], but it remains difficult to quantify mission-level impact. Several recent research endeavors have sought to comprehend the relationship between information attack and mission impact [6] [7][8] [9] [10].…”

Section: Motivationmentioning

confidence: 99%

Toward Linking Information Assurance and Air and Missile Defense Mission Metrics

Castner

Henry

Jailall

et al. 2010

2010 IEEE Second International Conference on Social Computing

View full text Add to dashboard Cite

With the growing reliance on net-centric warfare, understanding the effect of information operations (IO) on the overall mission becomes increasingly important. Our research seeks to develop metrics that provide insight into the missionlevel effect of IO. We approach this goal by proposing comprehensive mission success metrics that provide a vehicle to analyze correlation with proposed information metrics. A quantitative analysis of relationships among information and mission metrics yields an ability to predict mission effect based on activity in the information space. This in turn may drive the derivation of operational requirements and the development of technology and strategy to better assure the mission. This paper presents initial progress toward identifying promising links between missionlevel metrics and information metrics, as well as insights into potential applications, such as a combat system that adapts to information degradation. I. MOTIVATIONAs the defense community continues to shift toward netcentric warfare, it becomes increasingly important to understand the effect of information operations (IO) on the overall mission. IO uses tactics such as electronic warfare and computer network operations to influence, disrupt, corrupt, or usurp adversarial human and automated decision making, while protecting our own [1]. Collaboration among units within a net-centric force yields improved performance, but requires an increased reliance on communication networks and information exchange. During network attacks, this reliance may present an Achilles heel.Our research seeks to build a quantitative understanding of the relationships among IO actions and mission effects. Traditional risk assessment analyzes attack impact and likelihood of occurrence [2][3][4][5], but it remains difficult to quantify mission-level impact. Several recent research endeavors have sought to comprehend the relationship between information attack and mission impact [6][7][8][9][10]. Recently, we investigated methods to quantify the impact of IO on Air and Missile Defense (AMD) force-level mission performance [11]. This research developed a simulation-based approach to measure the impact of information attacks on AMD performance. We also made initial progress toward identifying mid-level metrics that could link events in the information space to mission-level effects. Such analysis yields an ability to predict the effects of information attacks and identify requirements for mitigation. Decision makers can use these analysis techniques to drive information assurance (IA) investments and requirements based on an understanding of how proposed mitigations will affect mission performance.In this paper, we focus on metric development and its applications. We propose improvements to previously identified mission success metrics and develop additional concepts for information metrics that link IO and mission effect. We discuss our quantitative analysis approach and simulation environment. We also introduce potential applications for analysis...

show abstract

Risk-based systems security engineering: stopping attacks with intention

Cited by 44 publications

References 0 publications

Modeling safety and security interdependencies with BDMP (Boolean logic Driven Markov Processes)

Modeling safety and security interdependencies with BDMP (Boolean logic Driven Markov Processes)

A novel hidden Markov model for detecting complicate network attacks

Toward Linking Information Assurance and Air and Missile Defense Mission Metrics

Contact Info

Product

Resources

About