Search CORE

37,525 research outputs found

Analysis of Organizational Vulnerability using Social Network Analysis and Attack Graph

Author: Boonkrong Sirapat
Kanchanapokin Supachai
Publication venue: GSTF Journal on Computing (JoC)
Publication date: 10/08/2016
Field of study

The purpose of this paper is to develop an approach to analyze organizational vulnerability caused by its employees. The proposed approach is adapted from general attack graph analysis approach and social network analysis approach. The attack graph, which is relationship graph in this proposed approach, is created from organization’s email logs and virus reports. The relationship graph is analyzed using shortest path analysis to discover all possible attack paths start from risky employees to target employee, and then grouped by path length for further actions based on security policy. The proposed approach was tested using datasets that are limited to only one month with assumption that weight on all edges are equal. This paper suggested further study to improve accuracy of the proposed approach using other mathematical methods such as shortest path analysis with weight or Markov Chains. The proposed approach could also be used by security audit in risk assessment process

GSTF Digital Library (GSTF-DL): Open Journal Systems (Global Science and Technology Forum)

An Analytical Evaluation of Network Security Modelling Techniques Applied to Manage Threats

Author: Huang Wei
Maple Carsten
Viduto Valentina
Publication venue: 'Institute of Electrical and Electronics Engineers (IEEE)'
Publication date: 01/01/2010
Field of study

The current ubiquity of information coupled with the reliance on such data by businesses has led to a great deal of resources being deployed to ensure the security of this information. Threats can come from a number of sources and the dangers from those insiders closest to the source have increased significantly recently. This paper focuses on techniques used to identify and manage threats as well as the measures that every organisation should consider to put into action. A novel game-based onion skin model has been proposed, combining techniques used in theory-based and hardware-based hardening strategies

Crossref

University of Huddersfield Repository

University of Bedfordshire Repository

Toward optimal multi-objective models of network security: Survey

Author: Huang W
Maple C
Viduto Valentina
Publication venue
Publication date: 10/09/2011
Field of study

Information security is an important aspect of a successful business today. However, financial difficulties and budget cuts create a problem of selecting appropriate security measures and keeping networked systems up and running. Economic models proposed in the literature do not address the challenging problem of security countermeasure selection. We have made a classification of security models, which can be used to harden a system in a cost effective manner based on the methodologies used. In addition, we have specified the challenges of the simplified risk assessment approaches used in the economic models and have made recommendations how the challenges can be addressed in order to support decision makers

University of Huddersfield Repository

Towards optimal multi-objective models of network security: survey

Author: Huang Wei
Maple Carsten
Viduto Valentina
Publication venue: IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
Publication date: 01/01/2011
Field of study

University of Bedfordshire Repository

Assessing and augmenting SCADA cyber security: a survey of techniques

Author: Almalawi
August
Baecher
Boldea
Bouchti
Brand
Byres
Bytschkow
Carcano
Cavalieri
Chabuksawar
Cherdantseva
Ciancamerla
Clarke
Constantin
Curtis
Davies
Dilip Patel
Disso
Dondossola
Dong
Downs
ENISA
Erol-Kantarci
Farooqui
Fovino
Fovino
Genge
Genge
Giani
Goldenberg
Guide to industrial control systems (ICS)
Hahn
Hemingway
Henry
Henry
Honeyd
Hug
Huitsing
IEEE Standard for Modeling and Simulation (M&S) High Level Architecture (HLA)– Framework and Rules
Igure
Information Security Management (ISMS)
Jain
Jiang
Jin
Kesler
Kirsch
Langner
Leitner
Leszczyna
Li
Li
Li
MacDermott
Mahboob
Mahoney
Mallouhi
Markovic-Petrovic
Mathioudakis
Maynard
Metasploit
Mets
Microsoft Security Bulletins
Mo
Moore
Morris
Moya
Nader
NETA
nmap
Novak
O'Kane
Oman
OpenSCADA
OSSEC
OSSIM
Pauna
Peterson
Pham
Phillips
Pidikiti
Piggin
Protecting Industrial Control Systems
Queiroz
Queiroz
Ralston
Roberts
Sajid Nazir
SCADA
Scarfone
Scarfone
Schneier
Shushma Patel
Simmhan
Slay
Snort
Sploitware
Sridhar
Srivastava
Stouffer
Symantec Security Response
Süß
Ten
Ten
Ten
Tesfahun
Torrisi
Urias
Vijayan
White paper
Winn
Wu
Xie
Yang
Yang
Yang
Zhang
Zhang
Zhu
Ćardenas
Publication venue: 'Elsevier BV'
Publication date: 01/01/2017
Field of study

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

LSBU Research Open

Crossref

ResearchOnline@GCU