We found a match
Your institution may have access to this item. Find your institution then sign in to continue.
- Title
Dynamic Security Risk Management Using Bayesian Attack Graphs.
- Authors
Poolsappasit, Nayot; Dewri, Rinku; Ray, Indrajit
- Abstract
Security risk assessment and mitigation are two vital processes that need to be executed to maintain a productive IT infrastructure. On one hand, models such as attack graphs and attack trees have been proposed to assess the cause-consequence relationships between various network states, while on the other hand, different decision problems have been explored to identify the minimum-cost hardening measures. However, these risk models do not help reason about the causal dependencies between network states. Further, the optimization formulations ignore the issue of resource availability while analyzing a risk model. In this paper, we propose a risk management framework using Bayesian networks that enable a system administrator to quantify the chances of network compromise at various levels. We show how to use this information to develop a security mitigation and management plan. In contrast to other similar models, this risk model lends itself to dynamic analysis during the deployed phase of the network. A multiobjective optimization platform provides the administrator with all trade-off information required to make decisions in a resource constrained environment.
- Subjects
COMPUTER security; RISK assessment; CYBERTERRORISM; ELECTRONIC equipment; COMPUTER crimes
- Publication
IEEE Transactions on Dependable & Secure Computing, 2012, Vol 9, Issue 1, p61
- ISSN
1545-5971
- Publication type
Article
- DOI
10.1109/TDSC.2011.34