Olsson, Tomas (2009) *Assessing Security Risk to a Network Using a Statistical Model of Attacker Community Competence.* In: Eleventh International Conference on Information and Communications Security (ICICS 2009), 14-17 Dec 2009, Beijing, China.

*This is the latest version of this item.*

| PDF 299Kb |

Official URL: http://www.springerlink.com/link.asp?id=105633

## Abstract

We propose a novel approach for statistical risk modeling of network attacks that lets an operator perform risk analysis using a data model and an impact model on top of an attack graph in combination with a statistical model of the attacker community exploitation skill. The data model describes how data flows between nodes in the network -- how it is copied and processed by softwares and hosts -- while the impact model models how exploitation of vulnerabilities affects the data flows with respect to the confidentiality, integrity and availability of the data. In addition, by assigning a loss value to a compromised data set, we can estimate the cost of a successful attack. The statistical model lets us incorporate real-time monitor data from a honeypot in the risk calculation. The exploitation skill distribution is inferred by first classifying each vulnerability into a required exploitation skill-level category, then mapping each skill-level into a distribution over the required exploitation skill, and last applying Bayesian inference over the attack data. The final security risk is thereafter computed by marginalizing over the exploitation skill.

Item Type: | Conference or Workshop Item (Paper) |
---|---|

Additional Information: | The original publication is available at www.springerlink.com. |

Uncontrolled Keywords: | Intrusion detection, Risk analysis, Network security, Security metrics |

ID Code: | 3847 |

Deposited By: | Tomas Olsson |

Deposited On: | 01 Mar 2010 10:17 |

Last Modified: | 01 Mar 2010 10:17 |

### Available Versions of this Item

- Assessing Security Risk to a Network Using a Statistical Model of Attacker Community Competence. (deposited 22 Oct 2009)
- Assessing Security Risk to a Network Using a Statistical Model of Attacker Community Competence. (deposited 13 Jan 2010 15:15)
- Assessing Security Risk to a Network Using a Statistical Model of Attacker Community Competence. (deposited 01 Mar 2010 10:17)
**[Currently Displayed]**

- Assessing Security Risk to a Network Using a Statistical Model of Attacker Community Competence. (deposited 01 Mar 2010 10:17)

- Assessing Security Risk to a Network Using a Statistical Model of Attacker Community Competence. (deposited 13 Jan 2010 15:15)

Repository Staff Only: item control page