Title :
Probability Analysis of Cyber Attack Paths against Business and Commercial Enterprise Systems
Author :
Dudorov, Dmitry ; Stupples, David ; Newby, Martin
Author_Institution :
Sch. of Eng. & Math. Sci., City Univ. London, London, UK
Abstract :
The level of risk of attack from new cyber-crime related malware is difficult to quantify as standard risk analysis models often take an incomplete view of the overall system. In order to understand the full malware risk faced by organisations any model developed to support the analysis must be able to address a statistical combination of all feasible attack scenarios. Moreover, since all parametric aspects of a sophisticated cyber attack cannot be quantified, a degree of expert judgement needs to be applied. We develop a modeling approach that will facilitate risk assessment of common cyber attack scenarios together with likely probabilities of successful attack for each scenario. The paper demonstrates through use cases how a combined attack can be assessed.
Keywords :
business data processing; invasive software; organisational aspects; probability; risk management; business systems; commercial enterprise systems; cyber attack paths; cyber-crime related malware; feasible attack scenarios; full malware risk; organisations; probability analysis; risk assessment; sophisticated cyber-attack; standard risk analysis models; Bluetooth; Electronic mail; Grippers; Malware; Mobile handsets; Probability; cyber-security; cyber-terrorism; malware; probability of cyber-attack; risk analysis;
Conference_Titel :
Intelligence and Security Informatics Conference (EISIC), 2013 European
Conference_Location :
Uppsala
DOI :
10.1109/EISIC.2013.13
