A novel architecture for predictive cybersecurity using non-homogenous markov models

Proceedings - 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015

Volumn 1, Issue , 2015, Pages 774-781

  Abraham, Subil ^a   Nair, Suku ^b  

^a IBM   (United States)

^b Department of Computer Science   (United States)

Author keywords

Attack Graph; CVSS; Cyber Situational Awareness; Markov Model; Security Metrics; Vulnerability Discovery Model; Vulnerability Lifecycle Model

Indexed keywords

MARKOV PROCESSES; RISK ASSESSMENT; SECURITY OF DATA;

ATTACK GRAPH; CVSS; LIFE CYCLE MODEL; MARKOV MODEL; SECURITY METRICS; SITUATIONAL AWARENESS; VULNERABILITY DISCOVERY;

NETWORK SECURITY;

EID: 84967333002     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/Trustcom.2015.446     Document Type: Conference Paper

References (41)

1. Executive Office of the President of The U.S. Cyberspace policy review, 2009.
2. US Government Accountability Office Reports and Recommendations, http://www.gao.gov/key-issues/cybersecurity
3. Bloomberg. As data breach woes continue, target's ceo resigns, May 2014.
4. A. Oluwaseun, Z. Pavol, L. Dale, R. Ron, "An Analysis of CVSS v2 Environmental Scoring" Privacy, Security, Risk and Trust (PASSAT) Date: 9-11 Oct. 2011
5. M. Schiffman, "Common Vulnerability Scoring System (CVSS)," http://www.first.org/cvss
6. Assad Ali, Pavol Zavarsky, Dale Lindskog, and Ron Ruhl, " A Software Application to Analyze Affects of Temporal and Environmental Metrics on Overall CVSS v2 Score", Concordia University College of Alberta, Edmonton, Canada, October 2010.
7. National Vulnerability Database 2014.
8. R. Ortalo, Y. Deswarte, and M. Kaaniche, "Experimenting with quantitative evaluation tools for monitoring operational security," IEEE Transactions on Software Engineering, vol. 25, pp. 633-650, September 1999.
9. W. Li and R. Vaughn, "Cluster security research involving the modeling of network exploitations using exploitation graphs," in Sixth IEEE International Symposium on Cluster Computing and Grid Workshops, May 2006.
10. N. Idika and B. Bhargava, "Extending attack graph-based security metrics and aggregating their application," Dependable and Secure Computing, IEEE Transactions on, no. 99, pp. 1-1, 2010.
11. L. Wang, A. Singhal, and S. Jajodia, "Toward measuring network security using attack graphs," in Proceedings of the 2007 ACM workshop on Quality Protection, pp. 49-54, 2007.
12. Trivedi KS, Kim DS, Roy A,Medhi D. Dependability and security models. Proc. DRCN, IEEE, 2009; 11-20.
13. A Roy, D S Kim, and K S. Trivedi. Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees.J. of Security and Communication Networks, SI: Insider Threats, 2011.
14. O. Sheyner, J. W. Haines, S. Jha, R. Lippmann, and J. M. Wing, "Automated generation and analysis of attack graphs," in IEEE Symposium on Security and Privacy, 2002, pp. 273-284.
15. Xinming, O., Sudhakar, G., and Appel, A. Mulval: A logic-based network security analyzer. In 14th USENIX Security Symposium (2005).
16. S. Jajodia and S. Noel, "Advanced Cyber Attack Modeling, Analysis, and Visualization," George Mason University, Fairfax, VA, Technical Report 2010.
17. S DoD, MIL-STD-1785, "System security engineering program management requirements," 1988.
18. M. Dacier, Y. Deswarte, "Privilege Graph: an Extension to the Typed Access Matrix Model,"Proc. ESORICS, 1994.
19. C. Phillips, L.P. Swiler, "A graph-based system for network-vulnerability analysis,"Proc. WNSP'98, pp.71-79.
20. L. Swiler, C. Phillips, D. Ellis, S. Chakerian, "Computer-attack graph generation tool," Proc. DISCEX01, pp.307-321.
21. S. Abraham and S. Nair, "Cyber Security Analytics: A stochastic model for Security Quantification using Absorbing Markov Chains" Journal of Communications 2014, Volume 9 pp 899-907.
22. S. Abraham and S. Nair, "Predictive Cyber Security Analytics Framework: A non-homogenous Markov Model for Security Quantification". International Conference of Security, Privacy and Trust Management(SPTM) December 2014.
23. K. S. Trivedi, Probability and Statistics with Reliability, Queuing, and Computer Science
24. R. A. Sahner, K. S. Trivedi, and A. Puliafito, Performance and Reliability Analysis of Computer Systems: An Example-Based Approach Using the SHARPE Software Package. Kluwer Academic Publishers,1996.
25. K. Sallhammar, B. Helvik, and S. Knapskog, "On stochastic modeling for integrated security and dependability evaluation," Journal of Networks, vol. 1, 2006.
26. Xinming Ou, Sudhakar Govindavajhala, and Andrew W. Appel. MulVAL: A logic-based network security analyzer. In
27. S. Jajodia and S. Noel, "Advanced Cyber Attack Modeling, Analysis, and Visualization," George Mason University, Fairfax, VA, Technical Report 2010.
28. Shengwei Yi, Yong Peng, Qi Xiong, Ting Wang, Zhonghua Dai, Haihui Gao, Junfeng Xu, Jiteng Wang and Lijuan Xu "Overview on attack graph generation and visualization technology", Anti-Counterfeiting, Security and Identification (ASID), 2013 IEEE International Conference on, Issue Date: Oct. 2013.
29. W. Arbaugh, W. Fithen, and J. McHugh, "Windows of vulnerability: a case study analysis," Computer, vol. 33, no. 12, pp. 52-59, Dec 2000
30. N. Fischbach, "Le cycle de vie d'une vulnrabilit," http://www.securite.org, 2003.
31. J. Jones, "Estimating software vulnerabilities," Security &Privacy,IEEE, vol. 5, no. 4, pp. 28-32, July-Aug. 2007.
32. Frei, S., Fiedler, U., May, M., and Plattner, B. Large-scale vulnerability analysis. In Proceedings of the 2006 SIGCOMM workshop on Largescale attack defense (2006), pp. 131-138
33. Ross Anderson. Security in open versus closed systems\-The dance of Boltzmann, Coase and Moore. In Proceedings of Open Source Software: Economics, Law and Policy, 2002
34. Omar Alhazmi and Yashwant Malaiya. Modeling the vulnerability discovery process. In Proceedings of the 16th IEEE International Symposium on Software Reliability Engineering (ISSRE'05), pages 129-138, 2005.
35. Eric Rescorla. Is finding security holes a good idea? IEEE Security and Privacy, 3(1):14-19, 2005.
36. HyunChul Joh, Jinyoo Kim, and Yashwant Malaiya. Vulnerability discovery modeling using Weibull distribution. In Proceedings of the 19th IEEE International Symposium on Software Reliability Engineering (ISSRE'08), pages 299-300, 2008.
37. Awad Younis, HyunChul Joh, and Yashwant Malaiya. Modeling learningless vulnerability discovery using a folded distribution. In Proceeding of the Internaltional Conference Security and Management (SAM'11), pages 617-623, 2011.
38. L. Wang, T. Islam, T. Long, A. Singhal, and S. Jajodia, "An attack graphbased probabilistic security metric," DAS 2008, LNCS 5094, pp. 283-296, 2008.
39. L. Wang, A. Singhal, and S. Jajodia, "Measuring overall security of network configurations using attack graphs," Data and Applications Security XXI, vol. 4602, pp. 98-112, August 2007.
40. A. Kundu, N. Ghosh, I. Chokshi and SK. Ghosh, "Analysis of attack graph-based metrics for quantification of network security", India Conference (INDICON), IEEE, pages 530-535, 2012.
41. S. Jajodia and S. Noel, "Advanced Cyber Attack Modeling, Analysis, and Visualization," George Mason University, Fairfax, VA, Technical Report 2010.