'Institute of Electrical and Electronics Engineers (IEEE)'
Doi
Abstract
In order to detect malicious insider attacks it is
important to model and analyse infrastructures and policies
of organisations and the insiders acting within them. We extend formal approaches that allow modelling such scenarios
by quantitative aspects to enable a precise analysis of security designs. Our framework enables evaluating the risks of an insider attack to happen quantitatively. The framework first identifies an insider’s intention to perform an inside attack, using Bayesian networks, and in a second phase computes the probability of success for an inside attack by this actor, using probabilistic model checking. We provide prototype tool support using Matlab
for Bayesian networks and PRISM for the analysis of Markov
decision processes, and validate the framework with case studies