Incorporating attacker behavior in stochastic models of security

Proceedings of The 2005 International Conference on Security and Management, SAM'05

Volumn , Issue , 2005, Pages 79-85

  Sallhammar, Karin ^a   Helvik, Bjarne E ^a   Knapskog, Svein J ^a  

^a NORWEGIAN UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Norway)

Author keywords

Attacker behavior; Game theory; Quantitative security; Stochastic modelling

Indexed keywords

ATTACKER BEHAVIOR; ILLUSTRATIVE EXAMPLES; OPERATIONAL SECURITIES; QUANTITATIVE SECURITY; RELIABILITY METHODOLOGIES; SECURITY EVALUATIONS; STOCHASTIC MODELLING; THREAT ENVIRONMENTS; TRANSITION RATE MATRIXES;

RANDOM PROCESSES; STOCHASTIC CONTROL SYSTEMS; STOCHASTIC MODELS;

GAME THEORY;

EID: 62349112614     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (16)

1. T. Alpcan and T. Basar. A game theoretic approach to decision and analysis in network intrusion detection. In Proceedings of the 42nd IEEE Conference on Decision and Control, 2003.
2. K. B. B. Madan, K. Vaidyanathan Goseva-Popstojanova, and K. S. Trivedi. A method for modeling and quantifying the security attributes of intrusion tolerant systems. In Performance Evaluation, volume 56, 2004.
3. ISO/IEC 13335: Information Technology - Guidelines for the management of IT Security, http://www.iso.ch.
4. ISO 15408: Common Criteria for Information Technology Security Evaluation, 1999. http://www.commoncriteria.org/.
5. S. Jha, O. Sheyner, and J. Wing. Two formal analyses of attack graphs. In Proceedings of the 2002 Computer Security Foundations Workshop, 2002.
6. B. Littlewood, S. Brocklehurst, N. Fenton, P. Mellor, S. Page, D. Wright, J. Dobson, McDermid J., and D. Gollmann. Towards operational measures of computer security. Journal of Computer Security, 2:211-229, Oct 1993.
7. Peng Liu and Wanyu Zang. Incentive-based modeling and inference of attacker intent, objectives, and strategies. In Proceedings of the 10th ACM conference on Computer and communication security, pages 179-189, 2003.
8. K. Lye and J. M. Wing. Game strategies in network security. In Proceedings of the 15th IEEE Computer Security Foundations Workshop, 2002.
9. B.B. Madan, K. Vaidyanathan, and K.S. Trivedi. Modeling and quantification of security attributes of software systems. In Proceedings of the International Conference on Dependable Systems and Networks (DSN'02), 2002.
10. David M. Nicol, William H. Sanders, and Kishor S. Trivedi. Model-based evaluation: From dependability to security. IEEE Transactions on Dependable and Secure Computing, 1:48-65, January-March 2004.
11. R. Ortalo, Y. Deswarte, and M. Kaaniche. Experimenting with quantitative evaluation tools for monitoring operational security. IEEE Transactions on Software Engineering 25(5):633-650, Sept/Oct 1999.
12. G. Owen. Game Theory. Academic Press, 2 edition, 1982.
13. The Honeynet Project. Know Your Enemy. Addison-Wesley, 2 edition, 2004.
14. K. Sallhammar, S.J. Knapskog, and B.E. Helvik. Using stochastic game theory to compute the expected behavior of attackers. In Proceedings of the 2005 International Symposium on Applications and the Internet Workshops (Saint2005)., 2005.
15. S. Singh, M. Cukier, and W.H. Sanders. Probabilistic validation of an intrusion-tolerant replication system. In de Bakker, J.W., de Roever, W.-P., and Rozenberg, G., editors, International Conference on Dependable Systems and Networks (DSN'03), June 2003.
16. D. Wang, B.B. Madan, and K.S. Trivedi. Security analysis of sitar intrusion tolerance system. ACM SSRS '03, 2003.