



Volume 18, Issue 6, 1999, Pages 479-518

Simulating cyber attacks, defences, and consequences

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTATIONAL COMPLEXITY; COMPUTER CRIME; COMPUTER NETWORKS; COMPUTER SIMULATION; DATA REDUCTION; PARALLEL PROCESSING SYSTEMS; RANDOM NUMBER GENERATION;

EID: 0033299558     PISSN: 01674048     EISSN: None     Source Type: Journal    
DOI: 10.1016/S0167-4048(99)80115-1     Document Type: Article
Times cited : (76)

References (8)
  • 1
    • 0007191802
    • Managing network security - Risk management or risk analysis?
    • F. Cohen - "Managing network security - Risk management or risk analysis?", Network Security Magazine, March, 1997.
    • (1997) Network Security Magazine
    • Cohen, F.1
  • 2
    • 0003531721
    • John D. Howard, An Analysis of Security Incidents on the Internet - 1989 - 1995, Engineering and Public Policy dissertation, Carnegie-Mellon University, April 7, 1997. Pittsburgh, Pennsylvania 15213 USA [This research analyzed trends in Internet security through an investigation of 4299 security-related incidents on the Internet reported to the CERT Coordination Center (CERT/CC) from 1989 to 1995. Prior to this research, our knowledge of security problems on the Internet was limited and primarily anecdotal. This information could not be effectively used to determine what government policies and programmes should be, or to determine the effectiveness of current policies and programmes. This research accomplished the following: 1) development of a taxonomy for the classification of Internet attacks and incidents, 2) organization, classification, and analysis of incident records available at the CERT/CC, and 3) development of recommendations to improve Internet security, and to gather and distribute information about Internet security. With the exception of denial-of-service attacks, security incidents were generally found to be decreasing relative to the size of the Internet. The probability of any severe incident being reported if it was above average in terms of duration and number of sites, was around 1 out of 2.6. Estimates based on this research indicated that a typical Internet domain was involved in no more than around one incident per year, and a typical Internet host in around one incident every 45 years. The taxonomy of computer and network attacks developed for this research was used to present a summary of the relative frequency of various methods of operation and corrective actions. This was followed by an analysis of three subgroups: 1) a case study of one site that reported all incidents, 2) 22 incidents that were identified by various measures as being the most severe in the records, and 3) denial-of-service incidents.
Data from all incidents and these three subgroups were used to estimate the totateams, and the US government.]
    • (1997) An Analysis of Security Incidents on the Internet - 1989 - 1995
    • Howard, J.D.1
  • 5
    • 85031576065
    • A preliminary classification scheme for information system threats, attacks, and defences; a cause and effect model; and some analysis based on that model
    • Fred Cohen, Cynthia Phillips, Laura Painton Swiler, Timothy Gaylor, Patricia Leary, Fran Rupley, Richard Isler, and Eli Dart A preliminary classification scheme for information system threats, attacks, and defences; a cause and effect model; and some analysis based on that model, Computers & Security, Elsevier. [This paper describes 37 different types of actors that may Cause Information System Failure (Threats), 94 different Mechanisms by Which Information Systems are Caused to Fail (Attacks), and 140 different Mechanisms Which May Prevent, Limit, Reduce, or Mitigate Harm (Defences). We describe a cause-effect model of information system attacks and defences, based on the notions that particular threats use particular attacks to cause desired consequences and successful defenders use particular defensive measures to defend successfully against those attacks and thus limit the consequences. Human defenders and attackers also use a variety of different viewpoints to understand and analyze their attacks and defenses, and this notion is also brought to bear. We then describe some analytical methods by which this model may be analyzed to derive useful information from available and uncertain information. This useful information can then be applied to meeting the needs of defenders (or if turned on its head attackers) to find effective and minimal cost defences (or attacks) on information systems. Next we consider the extension of this method to networks and describe a system that implements some of these notions in an experimental test-bed called HEAT.]
    • Computers & Security
    • Cohen, F.1    Phillips, C.2    Swiler, L.P.3    Gaylor, T.4    Leary, P.5    Rupley, F.6    Isler, R.7    Dart, E.8
  • 6
    • 51249090257
    • Managing network security - The millisecond fantasy
    • F. Cohen, Managing network security - The millisecond fantasy, Network Security, March, 1999, Elsevier [A lot of people have screwy notions about computers that are promoted by and in the media, and many of them get embedded in our psyche without being rationally reviewed. One of the most important ones to understand from a standpoint of managing network security is the fallacy of the time assumptions people commonly make about computers... This paper gives specific times associated with various attack and defence techniques.]
    • (1999) Network Security
    • Cohen, F.1
  • 7
    • 85031571769
    • J. Rochlis and M. Eichin, With Microscope and Tweezers: The Worm from MIT's Perspective, CACM 32#6, June, 1989 [This paper describes how one team dissected the Internet Virus of 1988 and what the virus contained.]
    • (1989) With Microscope and Tweezers: The Worm from MIT's Perspective
    • Rochlis, J.1    Eichin, M.2
  • 8
    • 0007191014
    • Relativistic risk analysis
    • F. Cohen, Relativistic risk analysis, Network Security Magazine, June, 1997. [This article examines risk analysis using relativistic rather than absolute measures.]
    • (1997) Network Security Magazine
    • Cohen, F.1


* This information was analyzed and extracted by KISTI from Elsevier's SCOPUS DB.