A Method for Estimation of the Success Probability of an Intrusion Process by Considering the Temporal Aspects of the Attacker Behavior

Chapter in: Transactions on Computational Science IV

Part of the book series: Lecture Notes in Computer Science (TCOMPUTATSCIE, volume 5430)

Abstract

The aim is to propose a new approach for stochastic modeling of an intrusion process and quantitative evaluation of the probability of attacker success. In many security analyses, it is necessary to obtain the probability that an attacker succeeds in an intrusion process. In the proposed method, the intrusion process is broken down into elementary attack phases. In each atomic phase the attacker and the system interact, and this interaction can transfer the current system state to a secure or failure state. The intrusion process is modeled by a semi-Markov chain (SMC). The distribution functions assigned to the SMC transitions are linear combinations of uniform distributions. These mixture distributions represent the distribution of the time spent by the attacker or the system in the transient states. To evaluate the security measure, the SMC is converted into a discrete-time Markov chain (DTMC); the resulting DTMC is then analyzed and the probability of attacker success is computed based on mathematical theorems. The desired security measure is evaluated with respect to the temporal aspects of the attacker behavior.
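The SMC-to-DTMC step can be sketched as follows; this is an added example, not the authors' code or their exact conversion. It assumes each phase is a race between independent attacker and system timers, that the "failure" state is the one where the attacker has succeeded, and it uses constructed phase names, time windows and weights.

```python
# Added illustration: phase names, time windows and weights are constructed.

def _cdf_area(x, lo, hi):
    """Integral of the U(lo, hi) CDF from -infinity to x (needs lo < hi)."""
    if x <= lo:
        return 0.0
    if x <= hi:
        return (x - lo) ** 2 / (2 * (hi - lo))
    return (hi - lo) / 2 + (x - hi)

def p_attacker_first(att_mix, sys_mix):
    """Exact P(T_att < T_sys) for independent mixtures of uniforms.
    Each mixture is [(weight, lo, hi), ...] with weights summing to 1."""
    return sum(wa * ws * (_cdf_area(s_hi, a_lo, a_hi)
                          - _cdf_area(s_lo, a_lo, a_hi)) / (s_hi - s_lo)
               for wa, a_lo, a_hi in att_mix
               for ws, s_lo, s_hi in sys_mix)

def success_probability(phases, start, tol=1e-12):
    """phases: {state: (att_mix, sys_mix, next_if_attacker, next_if_system)}.
    Returns (P[absorbed in FAIL | start], per-phase win probabilities)."""
    win = {s: p_attacker_first(a, d) for s, (a, d, _, _) in phases.items()}
    x = {s: 0.0 for s in phases}
    x.update(FAIL=1.0, SECURE=0.0)   # absorbing states of the DTMC
    while True:                      # Gauss-Seidel sweep on x = P x
        delta = 0.0
        for s, (_, _, nxt_att, nxt_sys) in phases.items():
            new = win[s] * x[nxt_att] + (1 - win[s]) * x[nxt_sys]
            delta = max(delta, abs(new - x[s]))
            x[s] = new
        if delta < tol:
            return x[start], win

# Constructed two-phase model (times in hours). A system win during
# "exploit" evicts the attacker back to "recon" instead of ending the attack.
MODEL = {
    "recon":   ([(1.0, 0, 4)], [(1.0, 0, 4)], "exploit", "SECURE"),
    "exploit": ([(0.5, 0, 2), (0.5, 2, 6)], [(1.0, 1, 3)], "FAIL", "recon"),
}

if __name__ == "__main__":
    prob, win = success_probability(MODEL, "recon")
    print(win)             # per-phase attacker win probabilities
    print(round(prob, 6))  # attacker success probability from "recon"
```

Narrowing the system's response window or widening the attacker's time window in any phase lowers that phase's win probability, which is how the timing assumptions feed through to the final measure.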

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Almasizadeh, J., Azgomi, M.A. (2009). A Method for Estimation of the Success Probability of an Intrusion Process by Considering the Temporal Aspects of the Attacker Behavior. In: Gavrilova, M.L., Tan, C.J.K., Moreno, E.D. (eds) Transactions on Computational Science IV. Lecture Notes in Computer Science, vol 5430. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01004-0_11

  • DOI: https://doi.org/10.1007/978-3-642-01004-0_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-01003-3

  • Online ISBN: 978-3-642-01004-0

  • eBook Packages: Computer Science, Computer Science (R0)
