Title :
Risk assessment and analysis through population-based attack graph modelling
Author :
Alhomidi, M. ; Reed, M.
Author_Institution :
Sch. of Comput. Sci. & Electron. Eng., Univ. of Essex, Colchester, UK
Abstract :
Attack graphs are models that offer significant capabilities to analyse security in network systems because they can represent vulnerabilities, exploits and conditions for each attack in a single unifying model. This paper proposes a methodology to explore the graph. Each attack path is considered as an independent attack scenario from the source of attack to the target. The attack graph-based risk assessment model helps organisations and decision makers to make appropriate decisions in terms of security risks. We develop a genetic algorithm (GA) approach to determine the risks of attack paths and produce useful numeric values for the overall risk of a given network. The population-based strategy of a GA provides a natural way of exploring a large number of possible attack paths to find the paths that are most important.
Keywords :
decision making; genetic algorithms; graph theory; information systems; organisational aspects; risk management; security of data; GA approach; decision makers; genetic algorithm; graph based risk assessment model; independent attack; information system; network systems; organisational aspect; population based attack graph modelling; risk analysis; Genetic algorithms; Measurement; Optimization; Risk management; Security; Sociology; Statistics; Attack graph; attack likelihood; attack loss; genetic algorithm; security attack; security risk assessment;
Conference_Title :
Internet Security (WorldCIS), 2013 World Congress on
Conference_Location :
London
DOI :
10.1109/WorldCIS.2013.6751011