Download now Free registration required
The authors propose a novel approach for statistical risk modeling of network attacks that lets an operator perform risk analysis using a data model and an impact model on top of an attack graph in combination with a statistical model of the attacker community exploitation skill. The data model describes how data flows between nodes in the network-how it is copied and processed by softwares and hosts-while the impact model models how exploitation of vulnerabilities affects the data flows with respect to the confidentiality, integrity and availability of the data. In addition, by assigning a loss value to a compromised data set, the authors can estimate the cost of a successful attack.
- Format: PDF
- Size: 299.5 KB