
Cyber Security Risk Assessment of a DDoS Attack

  • Conference paper
  • Information Security (ISC 2016)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9866)

Abstract

This paper proposes a risk assessment process based on distinct classes and estimators, which we apply to a case study of a common communications security risk: a distributed denial of service (DDoS) attack. The risk assessment's novelty lies in combining both the quantitative (statistical) and qualitative (subjective, knowledge-based) aspects to model the attack and estimate the risk. The approach centres on estimates of assets, vulnerabilities, threats, controls, and the associated outcomes in the event of a DDoS, together with a statistical analysis of the risk. Our main contribution is the process for combining qualitative and quantitative estimation methods for cyber security risks, together with insight into which technical details and variables to consider when assessing the risk of a DDoS amplification attack.



Acknowledgements

The authors acknowledge Professors Einar Snekkenes, Katrin Franke, and Dr. Roberto Ferreira Lopes from NTNU, Anders Einar Hilden from the Norwegian Security Authority (NSM), Karine Gourdon-Keller, David Fernandez, and Martin McKeay from Akamai. Also, the support from the COINS Research School for InfoSec is highly appreciated. Lastly, we acknowledge the contributions made by the anonymous reviewers.

Corresponding author

Correspondence to Gaute Wangen.


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Wangen, G., Shalaginov, A., Hallstensen, C. (2016). Cyber Security Risk Assessment of a DDoS Attack. In: Bishop, M., Nascimento, A. (eds) Information Security. ISC 2016. Lecture Notes in Computer Science, vol. 9866. Springer, Cham. https://doi.org/10.1007/978-3-319-45871-7_12


  • DOI: https://doi.org/10.1007/978-3-319-45871-7_12


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-45870-0

  • Online ISBN: 978-3-319-45871-7

  • eBook Packages: Computer Science (R0)
