Advertisement

A Probabilistic Approach to Estimate the Damage Propagation of Cyber Attacks

  • Young-Gab Kim
  • Taek Lee
  • Hoh Peter In
  • Yoon-Jung Chung
  • InJung Kim
  • Doo-Kwon Baik
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3935)

Abstract

With rapid development in the Internet technology, business management in an organization becomes dependent on network dependency and cohesiveness in a critical information and communications infrastructure. However, the occurrence of cyber attacks has increased, targeted against vulnerable resources in information systems. Hence, in order to protect private information and computer resources, risk analysis and damage propagation need to be studied. However, the existing models present mechanisms for risk management, and these models can only be applied to specified threats such as a virus or a worm. Therefore, a probabilistic model for damage propagation based on Markov process is proposed, which can be applied to diverse threats in information systems. The proposed model enables us to predict the occurrence probability and occurrence frequency of each threat in the information systems.

Keywords

Markov Process Transition Matrix Initial Probability Past Data State Transition Matrix 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    In, H.P., Kim, Y.-G., Lee, T., Moon, C.-J., Jung, Y., Kim, I.: A Security Analysis Model for Information Systems. In: Baik, D.-K. (ed.) AsiaSim 2004. LNCS (LNAI), vol. 3398, pp. 505–513. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Stoneburner, G., Goguen, A., Feringa, A.: Risk Management Guide for Information Technology Systems, NIST Special Publication 800-30, NIST (2002)Google Scholar
  3. 3.
    GAO: Information Security Risk Assetment-Practices of Leading Organizations. GAO/AIMD-00-33 (1999)Google Scholar
  4. 4.
    Trivedi, K.S.: Probability and Statistics with Reliability, Queuing and Computer Science Applications, 2nd edn. Wiley Interscience, Chichester (2002)MATHGoogle Scholar
  5. 5.
    Yates, R.D., Goodman, D.J.: Probability and Stochastic Process, 2nd edn. Wiley International, Chichester (2003)Google Scholar
  6. 6.
    KISA: Statistics and Analysis on Hacking and Virus, http://www.krcert.or.kr
  7. 7.
    Frauenthal, J.C.: Mathematical Modeling in Epidemiology. Springer, New York (1980)CrossRefMATHGoogle Scholar
  8. 8.
    Deley, D.J., Gani, J.: Epidemic Modeling: An Introduction. Cambridge University Press, Cambridge (1999)CrossRefGoogle Scholar
  9. 9.
    Staniford, S., Paxson, V., Weaver, N.: How to Own the Internet in Your Spare Time. In: The proceedings of the 11th USENIX Security Symposium (Security 2002) (2002)Google Scholar
  10. 10.
    Zou, C.C., Gong, W., Towsley, D.: Worm Propagation Modeling and Analysis under Dynamic Quarantine Defense. In: ACM CCS Workshop on Rapid Malcode (WORM 2003) (2003)Google Scholar
  11. 11.
    Zou, C.C., Gong, W., Towsley, D.: Code Red Worm Propagation Modeling and Analysis. In: The proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 138–147 (2002)Google Scholar
  12. 12.
    Moore, D., Shannon, C., Voelker, G.M., Savage, S.: Internet Quarantine: Requirements for Containing Self-Propagating Code. The proceedings of IEEE INFOCOM (2003)Google Scholar
  13. 13.
    Chen, Z., Gao, L., Kwiat, K.: Modeling the Spread of Active Worms. The proceedings of IEEE INFOCOM 2003 (2003)Google Scholar
  14. 14.
    Vogt, T.: Simulating and Optimising Worm Propagation Algorithms (2003), http://web.lemuria.org/security/WormPropagation.pdf

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Young-Gab Kim
    • 1
  • Taek Lee
    • 1
  • Hoh Peter In
    • 1
  • Yoon-Jung Chung
    • 2
  • InJung Kim
    • 2
  • Doo-Kwon Baik
    • 1
  1. 1.Department of Computer Science and Engineering Korea UniversitySeoulKorea
  2. 2.Electronics and Telecommunications and Research InstituteDaejeonKorea

Personalised recommendations