A Probabilistic Approach to Estimate the Damage Propagation of Cyber Attacks
With rapid development in the Internet technology, business management in an organization becomes dependent on network dependency and cohesiveness in a critical information and communications infrastructure. However, the occurrence of cyber attacks has increased, targeted against vulnerable resources in information systems. Hence, in order to protect private information and computer resources, risk analysis and damage propagation need to be studied. However, the existing models present mechanisms for risk management, and these models can only be applied to specified threats such as a virus or a worm. Therefore, a probabilistic model for damage propagation based on Markov process is proposed, which can be applied to diverse threats in information systems. The proposed model enables us to predict the occurrence probability and occurrence frequency of each threat in the information systems.
KeywordsMarkov Process Transition Matrix Initial Probability Past Data State Transition Matrix
Unable to display preview. Download preview PDF.
- 2.Stoneburner, G., Goguen, A., Feringa, A.: Risk Management Guide for Information Technology Systems, NIST Special Publication 800-30, NIST (2002)Google Scholar
- 3.GAO: Information Security Risk Assetment-Practices of Leading Organizations. GAO/AIMD-00-33 (1999)Google Scholar
- 5.Yates, R.D., Goodman, D.J.: Probability and Stochastic Process, 2nd edn. Wiley International, Chichester (2003)Google Scholar
- 6.KISA: Statistics and Analysis on Hacking and Virus, http://www.krcert.or.kr
- 9.Staniford, S., Paxson, V., Weaver, N.: How to Own the Internet in Your Spare Time. In: The proceedings of the 11th USENIX Security Symposium (Security 2002) (2002)Google Scholar
- 10.Zou, C.C., Gong, W., Towsley, D.: Worm Propagation Modeling and Analysis under Dynamic Quarantine Defense. In: ACM CCS Workshop on Rapid Malcode (WORM 2003) (2003)Google Scholar
- 11.Zou, C.C., Gong, W., Towsley, D.: Code Red Worm Propagation Modeling and Analysis. In: The proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 138–147 (2002)Google Scholar
- 12.Moore, D., Shannon, C., Voelker, G.M., Savage, S.: Internet Quarantine: Requirements for Containing Self-Propagating Code. The proceedings of IEEE INFOCOM (2003)Google Scholar
- 13.Chen, Z., Gao, L., Kwiat, K.: Modeling the Spread of Active Worms. The proceedings of IEEE INFOCOM 2003 (2003)Google Scholar
- 14.Vogt, T.: Simulating and Optimising Worm Propagation Algorithms (2003), http://web.lemuria.org/security/WormPropagation.pdf