Title :
A New Method for Modeling and Evaluation of the Probability of Attacker Success
Author :
Almasizadeh, Jaafar ; Azgomi, Mohammad Abdollahi
Author_Institution :
Dept. of Comput. Eng., Iran Univ. of Sci. & Technol., Tehran, Iran
Abstract :
Security quantification is a topic that has gained a lot of interest in the research community in recent years. In this paper, a new method is proposed for modeling and quantifying attack effects on a computer system. In this work, the intrusion process is considered as atomic sequential steps. Each atomic step changes the current system state. On the other hand, the system tries to prevent and detect the attacker's activity and can therefore transfer the current system state to a secure state. The intrusion process is modeled by a semi-Markov chain (SMC). The distribution functions assigned to the SMC transitions are uniform distributions, which represent the sojourn time of the attacker or the system in the transient states. The SMC is then converted into a discrete-time Markov chain (DTMC). The DTMC is analyzed, and the probability of attacker success is computed based on mathematical theorems. The SMC has two absorbing states, representing the success and failure states of the intrusion process.
Keywords :
Markov processes; discrete time systems; probability; security of data; statistical distributions; atomic sequential step; attacker success probability evaluation; computer system state; discrete-time Markov chain; intrusion process modeling; mathematical theorem; security quantification; semi-Markov chain; sojourn time; uniform distribution function; Computer networks; Computer security; Data security; Distribution functions; Equations; Petri nets; Quality of service; Sliding mode control; Stochastic processes; Stochastic systems; Markov Models; Security Evaluation; Security Modeling; semi-Markov chain;
Conference_Title :
Security Technology, 2008. SECTECH '08. International Conference on
Conference_Location :
Hainan Island
Print_ISBN :
978-0-7695-3486-2
DOI :
10.1109/SecTech.2008.35