Cyber Risk Assessment of Networked Cyber Assets using Probabilistic Model Checking
| Autor: | Subhasis Mukhopadhyay, Shankhadip Mallick, Anand Handa, Nitesh Kumar, Remish Leonard Minz, Ramesh Kumar Rakesh, Sanjana Pai Nagarmat, Sandeep K. Shukla |
|---|---|
| Rok vydání: | 2019 |
| Předmět: |
Model checking
021110 strategic defence & security studies Downtime Computer science 0211 other engineering and technologies Probabilistic logic 02 engineering and technology Computer security computer.software_genre Network element 0202 electrical engineering electronic engineering information engineering Enterprise private network 020201 artificial intelligence & image processing Risk assessment Path analysis (statistics) computer Probabilistic model checking |
| Zdroj: | 2019 IEEE Conference on Information and Communication Technology. |
| DOI: | 10.1109/cict48419.2019.9066178 |
| Popis: | Attack path analysis to assess the path from the external facing entities to the inner hosts and network elements is a much researched problem. However, to compute a summary risk value per device, based on vulnerabilities discovered on a daily basis, is a much demanded capability in the arsenal of any security administrator of an enterprise network. Further, higher management such as CISOs have to be convinced with numerical risk comparisons to allow the down time required to patch the systems as opposed to defer it till a much later date during a scheduled shutdown. It must be noted that each security administrator's problem is different due to the difference in the structure and composition of the network they administer. Therefore, no industry data source can help in getting these numbers, as the risk numbers are specific to each network and its components. In this paper, we present a methodology based in probabilistic model checking to compute these risk scores for each device in an enterprise network. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|