Skip to main content
SpringerLink
Log in

An Automated Graph Based Approach to Risk Assessment for Computer Networks with Mobile Components

  • Conference paper
  • First Online:
Mobile Internet Security (MobiSec 2016)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 797))

Included in the following conference series:

Abstract

The paper suggests an automated approach to risk assessment for computer networks with mobile components. The approach is based on the modeling of attacks against computer network as attack graphs and application of open databases of attack patterns and vulnerabilities. Distinctive features of the attacks against networks with mobile components are analyzed. On the base of this analysis we develop the technique of attack graph generation taking into account vulnerabilities of software and hardware for mobile access points as well as weaknesses of mobile devices and mobile connection channels. The technique for calculation of risk assessment metrics is suggested. Operation of the technique for the attack graph generation and calculation of risks is shown on a sample network with mobile components.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. CAPEC-512: Communications. https://capec.mitre.org/data/definitions/512.html

  2. CAPEC-553: Mobile Device Patterns. https://capec.mitre.org/data/definitions/553.html

  3. Check Point Software Technologies Ltd.: Check Point – 2016 Security Report. https://www.checkpoint.com/resources/security-report/

  4. Common Attack Pattern Enumeration and Classification (CAPEC). https://capec.mitre.org

  5. Common Configuration Enumeration (CCE). http://cce.mitre.org/

  6. Common Vulnerabilities and Exposures (CVE). http://cve.mitre.org/

  7. Common Weakness Enumeration (CWE). https://cwe.mitre.org/data/index.html

  8. Doynikova, E., Kotenko, I.: Security assessment based on attack graphs and open standards for computer networks with mobile components. Res. Brief. Inf. Commun. Technol. Evol. 2, 5:1–5:11 (2016)

    Google Scholar 

  9. Frei, D.: Conducting a risk assessment for mobile devices. In: Central-VA-ISSA-May-2012-Meeting (2012)

    Google Scholar 

  10. Frigault, M., Wang, L., Singhal A., Jajodia, S.: Measuring network security using dynamic bayesian network. In: 2008 ACM Workshop on Quality of Protection (2008)

    Google Scholar 

  11. ISO/IEC 27005:2011: Information technology—Security techniques—Information security risk management, 2nd edn. (2011)

    Google Scholar 

  12. Kotenko, I., Chechulin, A.: A cyber attack modeling and impact assessment framework. In: 5th International Conference on Cyber Conflict 2013 (CyCon 2013), pp. 119–142. IEEE and NATO COE Publications, Tallinn (2013)

    Google Scholar 

  13. Kotenko, I., Doynikova, E.: Evaluation of computer network security based on attack graphs and security event processing. J. Wirel. Mob. Netw. Ubiquitous Comput. Dependable Appl. (JoWUA) 5(3), 14–29 (2014)

    Google Scholar 

  14. Kotenko, I., Doynikova, E.: Security assessment of computer networks based on attack graphs and security events. In: Linawati, Mahendra, M.S., Neuhold, E.J., Tjoa, A.M., You, I. (eds.) ICT-EurAsia 2014. LNCS, vol. 8407, pp. 462–471. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-55032-4_47

    Chapter  Google Scholar 

  15. Mell, P.: A Complete Guide to the Common Vulnerability Scoring System (2007)

    Google Scholar 

  16. NVD website. https://nvd.nist.gov/

  17. OWASP Mobile Checklist Final 2016. https://drive.google.com/file/d/0BxOPagp1jPHWYmg3Y3BfLVhMcmc/view

  18. Platform Enumeration (CPE). http://cpe.mitre.org/

  19. Jing, Y., Ahn, G.-J., Zhao, Z., Hu, H.: RiskMon: continuous and automated risk assessment of mobile applications. In: The 4th ACM Conference on Data and Application Security and Privacy, pp. 99–110 (2014)

    Google Scholar 

  20. Theoharidou, M., Mylonas, A., Gritzalis, D.: A risk assessment method for smartphones. In: Gritzalis, D., Furnell, S., Theoharidou, M. (eds.) SEC 2012. IAICT, vol. 376, pp. 443–456. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-30436-1_36

    Chapter  Google Scholar 

  21. Schneider, P. (ed.): Threat and Risk Analysis for Mobile Communication Networks and Mobile Terminals. Deliverable 5. Attack analysis and Security concepts for MObile Network infrastructures, supported by collaborative Information exchAnge project (2012)

    Google Scholar 

  22. Pandita, R., Xiao, X., Yang, W., Enck, W., Xie, T.: WHYPER: towards automating risk assessment of mobile applications. In: 22nd USENIX Conference on Security (SEC 2013), pp. 527–542 (2013)

    Google Scholar 

Download references

Acknowledgements

This research is being supported by the grants of the Russian Foundation of Basic Research (15-07-07451, 16-37-00338, 16-29-09482), partial support of budgetary subjects 0073-2015-0004 and 0073-2015-0007, and Grant 074-U01.

Author information

Authors and Affiliations

  1. St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), St. Petersburg, Russia

    Elena Doynikova & Igor Kotenko

  2. St. Petersburg National Research University of Information Technologies, Mechanics and Optics, St. Petersburg, Russia

    Elena Doynikova & Igor Kotenko

Authors
  1. Elena Doynikova
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Igor Kotenko
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Igor Kotenko .

Editor information

Editors and Affiliations

  1. Department of Information Security Engineering, Soonchunhyang University, Chungcheongnam-do, Korea (Republic of)

    Ilsun You

  2. Tunghai University, Taichung, Taiwan

    Fang-Yie Leu

  3. Asia University, Taichung, Taiwan

    Hsing-Chung Chen

  4. SPIRAS, St. Petersburg, Russia

    Igor Kotenko

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Doynikova, E., Kotenko, I. (2018). An Automated Graph Based Approach to Risk Assessment for Computer Networks with Mobile Components. In: You, I., Leu, FY., Chen, HC., Kotenko, I. (eds) Mobile Internet Security. MobiSec 2016. Communications in Computer and Information Science, vol 797. Springer, Singapore. https://doi.org/10.1007/978-981-10-7850-7_9

Download citation

  • DOI: https://doi.org/10.1007/978-981-10-7850-7_9

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-7849-1

  • Online ISBN: 978-981-10-7850-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation