Probability Analysis of Cyber Attack Paths against Business and Commercial Enterprise Systems

Author

Dudorov, Dmitry ; Stupples, David ; Newby, Martin

Author_Institution

Sch. of Eng. & Math. Sci., City Univ. London, London, UK

fYear

2013

fDate

12-14 Aug. 2013

Firstpage

38

Lastpage

44

Abstract

The level of risk of attack from new cyber-crime related malware is difficult to quantify as standard risk analysis models often take an incomplete view of the overall system. In order to understand the full malware risk faced by organisations any model developed to support the analysis must be able to address a statistical combination of all feasible attack scenarios. Moreover, since all parametric aspects of a sophisticated cyber attack cannot be quantified, a degree of expert judgement needs to be applied. We develop a modeling approach that will facilitate risk assessment of common cyber attack scenarios together with likely probabilities of successful attack for each scenario. The paper demonstrates through use cases how a combined attack can be assessed.

Keywords

business data processing; invasive software; organisational aspects; probability; risk management; business systems; commercial enterprise systems; cyber attack paths; cyber-crime related malware; feasible attack scenarios; full malware risk; organisations; probability analysis; risk assessment; sophisticated cyber-attack; standard risk analysis models; Bluetooth; Electronic mail; Grippers; Malware; Mobile handsets; Probability; cyber-security; cyber-terrorism; malware; probability of cyber-attack; risk analysis;

fLanguage

English

Publisher

ieee

Conference_Titel

Intelligence and Security Informatics Conference (EISIC), 2013 European

Conference_Location

Uppsala

Type

conf

DOI

10.1109/EISIC.2013.13

Filename

6657123