Assessing Security Risk to a Network Using a Statistical Model of Attacker Community Competence

We propose a novel approach for statistical risk modeling of network attacks that lets an operator perform risk analysis using a data model and an impact model on top of an attack graph in combination with a statistical model of the attacker community exploitation skill. The data model describes how data flows between nodes in the network -- how it is copied and processed by softwares and hosts -- while the impact model models how exploitation of vulnerabilities affects the data flows with respect to the confidentiality, integrity and availability of the data. In addition, by assigning a loss value to a compromised data set, we can estimate the cost of a successful attack. The statistical model lets us incorporate real-time monitor data from a honeypot in the risk calculation. The exploitation skill distribution is inferred by first classifying each vulnerability into a required exploitation skill-level category, then mapping each skill-level into a distribution over the required exploitation skill, and last applying Bayesian inference over the attack data. The final security risk is thereafter computed by marginalizing over the exploitation skill

Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions

Current threat models typically consider all possible ways an attacker can penetrate a system and assign probabilities to each path according to some metric (e.g. time-to-compromise). In this paper we discuss how this view hinders the realness of both technical (e.g. attack graphs) and strategic (e.g. game theory) approaches of current threat modeling, and propose to steer away by looking more carefully at attack characteristics and attacker environment. We use a toy threat model for ICS attacks to show how a realistic view of attack instances can emerge from a simple analysis of attack phases and attacker limitations.Comment: Proceedings of the 2017 Workshop on Automated Decision Making for Active Cyber Defens

Information Security Risk Assessment in the Context of Outsourcing in a Financial Institution

Infoturbe riskihindamine finantsinstitutsioonis on oluline, et mõista ettevõtte varade konfidentsiaalsuse, tervikluse ja käideldavuse riskipositsiooni. Kolmandate osapooltega seotud riskide olulisus on finantsinstitutsioonide jaoks kasvanud. Ettevõtete soov on tagada informatsiooni turvalisus optimeerides samal ajal efektiivselt investeeringuid. Täna on valdavalt kasutusel meetodid, mis tuginevad ekspertide arvamustele ja individuaalsetele hinnangutele, mistõttu kajastavad tulemused vaid limiteeritud vaadet eksisteerivatele riskidele. See on probleem, sest ettevõtted ei soovi teha suure mahulisi investeeringuid turvalisusesse ilma võimalikult täpselt riske hindamata. Käesolevas uurimistöös on käsitletud kahte infoturbe riski hindamise meetodit: ISSRM ja Bayesi võrkudel põhinevat ründepuud. Käsitledes kolmandate osapooltega seotud allhanget kui äriprotsessi, on koostatud süsteemne võrdlus nende meetodite kohta ning hinnatud allhanke korral tekkida võiva riski suurust organisatsioonile. Pakutud on soovitused, kuidas ühendada infoturbe riskijuhtimise metoodika tõenäosusliku riskihindamise metoodikaga. Tulemused on hinnatud valdkonna spetsialistide poolt.Information security risk assessment in a financial institution is important for understanding risk exposure to the confidentiality, integrity, and availability of assets. Third-party security is recognized to have a growing importance for financial sector organizations. A financial institution aims for securing information while justifying budgeting decisions. Unfortunately, commonly used methods are dependent on value judgments and individual assurances which limit their reflection of existing uncertainties in reality. This is a problem because organizations do not want to allocate resources into security without accurately estimating their exposure to risks. The paper introduces two information security risk assessment methods: Information System Security Risk Management method and Bayesian Networks Based Attack Graphs. A systematic comparison of the methods is made in the context of third-party outsourcing. A proposition of how to combine a security risk management method together with a probabilistic risk assessment method has been made. Feedback and validation have been given by experts in the field

A review of cyber security risk assessment methods for SCADA systems

This paper reviews the state of the art in cyber security risk assessment of Supervisory Control and Data Acquisition (SCADA) systems. We select and in-detail examine twenty-four risk assessment methods developed for or applied in the context of a SCADA system. We describe the essence of the methods and then analyse them in terms of aim; application domain; the stages of risk management addressed; key risk management concepts covered; impact measurement; sources of probabilistic data; evaluation and tool support. Based on the analysis, we suggest an intuitive scheme for the categorisation of cyber security risk assessment methods for SCADA systems. We also outline five research challenges facing the domain and point out the approaches that might be taken

A Probabilistic Framework for Security Scenarios with Dependent Actions

This work addresses the growing need of performing meaningful probabilistic analysis of security. We propose a framework that integrates the graphical security modeling technique of attack–defense trees with probabilistic information expressed in terms of Bayesian networks. This allows us to perform probabilistic evaluation of attack–defense scenarios involving dependent actions. To improve the efficiency of our computations, we make use of inference algorithms from Bayesian networks and encoding techniques from constraint reasoning. We discuss the algebraic theory underlying our framework and point out several generalizations which are possible thanks to the use of semiring theory

DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements

Vulnerability-Based Impact Criticality Estimation for Industrial Control Systems

Cyber threats directly affect the critical reliability and availability of modern Industry Control Systems (ICS) in respects of operations and processes. Where there are a variety of vulnerabilities and cyber threats, it is necessary to effectively evaluate cyber security risks, and control uncertainties of cyber environments, and quantitative evaluation can be helpful. To effectively and timely control the spread and impact produced by attacks on ICS networks, a probabilistic Multi-Attribute Vulnerability Criticality Analysis (MAVCA) model for impact estimation and prioritised remediation is presented. This offer a new approach for combining three major attributes: vulnerability severities influenced by environmental factors, the attack probabilities relative to the vulnerabilities, and functional dependencies attributed to vulnerability host components. A miniature ICS testbed evaluation illustrates the usability of the model for determining the weakest link and setting security priority in the ICS. This work can help create speedy and proactive security response. The metrics derived in this work can serve as sub-metrics inputs to a larger quantitative security metrics taxonomy; and can be integrated into the security risk assessment scheme of a larger distributed system

Byzantine Attack and Defense in Cognitive Radio Networks: A Survey

The Byzantine attack in cooperative spectrum sensing (CSS), also known as the spectrum sensing data falsification (SSDF) attack in the literature, is one of the key adversaries to the success of cognitive radio networks (CRNs). In the past couple of years, the research on the Byzantine attack and defense strategies has gained worldwide increasing attention. In this paper, we provide a comprehensive survey and tutorial on the recent advances in the Byzantine attack and defense for CSS in CRNs. Specifically, we first briefly present the preliminaries of CSS for general readers, including signal detection techniques, hypothesis testing, and data fusion. Second, we analyze the spear and shield relation between Byzantine attack and defense from three aspects: the vulnerability of CSS to attack, the obstacles in CSS to defense, and the games between attack and defense. Then, we propose a taxonomy of the existing Byzantine attack behaviors and elaborate on the corresponding attack parameters, which determine where, who, how, and when to launch attacks. Next, from the perspectives of homogeneous or heterogeneous scenarios, we classify the existing defense algorithms, and provide an in-depth tutorial on the state-of-the-art Byzantine defense schemes, commonly known as robust or secure CSS in the literature. Furthermore, we highlight the unsolved research challenges and depict the future research directions.Comment: Accepted by IEEE Communications Surveys and Tutoiral