A quantitative model of the security intrusion process based on attacker behavior
作者: E. Jonsson , T. Olovsson
DOI: 10.1109/32.588541
关键词:
摘要: The paper is based on a conceptual framework in which security can be split into two generic types of characteristics, behavioral and preventive. Here, preventive denotes the system's ability to protect itself from external attacks. One way describe system terms its interaction with alleged attacker, i.e., by describing intrusion process. To our knowledge, very little done model this process quantitative terms. Therefore, empirical data collected experiments, we have worked out hypothesis typical attacker behavior. suggests that attacking three phases: learning phase, standard attack innovative phase. probability for successful attacks during phases expected small, although different reasons. During phase it considerably higher. indicates breaches are statistically equivalent times between exponentially distributed. This would actually imply traditional methods reliability modeling could applicable.
chalmers.se
core.ac.uk
acm.org
sci-hub.se 参考文章(15)
Bev Littlewood, Sarah Brocklehurst, Norman Fenton, Peter Mellor, Stella Page, David Wright, John Dobson, John McDermid, Dieter Gollmann, Towards Operational Measures of Computer Security: Concepts Springer, Berlin, Heidelberg. pp. 537- 553 ,(1995) , 10.1007/978-3-642-79789-7_30
Erland Jonsson, Mikael Andersson, On the quantitative assessment of behavioural security australasian conference on information security and privacy. pp. 228- 241 ,(1996) , 10.1007/BFB0023302
Tomas Olovsson, Ulf Gustafson, Erland Jonsson, Security Evaluation of a PC Network based on Intrusion Experiments computer and communications security. pp. 187- 203 ,(1996)
Tomas Olovsson, Erland Jonsson, On the Integration of Security and Dependability in Computer Systems IASTED International Conference on Reliability, Quality Control and Risk Assessment Washington DC, USA, 1992, ISBN 0-88986-171-4. pp. 93- 97 ,(1992)
Ulf Gustafson, Erland Jonsson, Tomas Olovsson, On the modelling of preventive security based on a PC network intrusion experiment australasian conference on information security and privacy. ,vol. 1172, pp. 242- 252 ,(1996) , 10.1007/BFB0023303
Tomas Olovsson, Erland Jonsson, Sarah Brocklehurst, Bev Littlewood, Towards operational measures of computer security: Experimentation and modelling Predictably Secure Computing Systems. pp. 555- 569 ,(1995) , 10.1007/978-3-642-79789-7_31
S. Brocklehurst, B. Littlewood, T. Olovsson, E. Jonsson, On measurement of operational security IEEE Aerospace and Electronic Systems Magazine. ,vol. 9, pp. 7- 16 ,(1994) , 10.1109/62.318876
C. Richard Attanasio, Peter W. Markstein, Ray J. Phillips, None, Penetrating an operating system: a study of VM/370 integrity IBM Systems Journal. ,vol. 15, pp. 102- 116 ,(1976) , 10.1147/SJ.151.0102
Peter D. Goldis, Questions and Answers about Tiger Teams EDPACS. ,vol. 17, pp. 1- 10 ,(1989) , 10.1080/07366988909450562
I.S. Herschberg, Make the tigers hunt for you Computers & Security. ,vol. 7, pp. 197- 203 ,(1988) , 10.1016/0167-4048(88)90336-7