Vulnerability Assessment Simulation for Information Infrastructure Protection

  • HyungJong Kim
  • KyungHee Koh
  • DongHoon Shin
  • HongGeun Kim
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2437)

Abstract

The main contribution of this research is to present the method that make it possible to assess the vulnerability in the information infrastructure using simulation technology. To construct the vulnerability assessment simulation system, we make use of the knowledge-based simulation modeling methodology and we designed expressions to estimate the degree of vulnerability of host. Also, we show newly defined vulnerability analysis method that is applicable to vulnerability assessment simulation system. As research results, the vulnerability assessment simulation system and VDBFS(Vulnerability DataBase For Simulator) are constructed.

Keywords

Vulnerability Assessment Vulnerability Analysis Information Infrastructure Modeling and Simulation Knowledge-Based Simulation 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    F. Cohen, “Simulating Cyber Attacks, Defences, and Consequences,” Computer & Security, Vol.18, pp. 479–518, 1999.CrossRefGoogle Scholar
  2. 2.
    A. P. Moore, R. J. Ellison and R. C. Linger, “Attack Modeling for Information Security and Survivability,” Technical Report No. CMU/SEI-2001-TR-001, Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, March, 2001.Google Scholar
  3. 3.
    M. Bishop, “Vulnerabilities Analysis”, Proceedings of the Recent Advances in Intrusion Detection, September, pp. 125–136, 1999.Google Scholar
  4. 4.
    B. P. Zeigler, H. Praehofer and T. Kim, “Theory of Modeling and Simulation, Second Edition”, Academic Press, 2000.Google Scholar
  5. 5.
    A. M. Law and W. D. Kelton, “Simulation Modeling and Analysis, Third Edition”, McGraw Hill, 2000Google Scholar
  6. 6.
    N. Ye and J. Giordano, “CACA-A Process Control Approach to Cyber Attack Detection”, Communications of the ACM, Vol.44(8), pp. 76–82, 2001.CrossRefGoogle Scholar
  7. 9.
    Avolio and Blask, “Application Gateways and Stateful Inspection: A Brief Note Comparing and Contrasting,” Trusted Information System, Inc., 1998.Google Scholar
  8. 10.
    T. Cho and H. Kim, “DEVS Simulation of Distributed Intrusion Detection System,” Transactions of the Society for Computer Simulation International, vol. 18, no. 3, September, 2001.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • HyungJong Kim
    • 1
  • KyungHee Koh
    • 1
  • DongHoon Shin
    • 1
  • HongGeun Kim
    • 1
  1. 1.Korea Information Security AgencySeoulKorea

Personalised recommendations