Title :
Comparing Attacks: An Approach Based on Interval Computation and Fuzzy Integration
Author :
Ceberio, Martine ; Modave, François ; Wang, Xiaojing
Author_Institution :
Texas Univ., El Paso, TX
Abstract :
The aim of this paper is to present a theoretically sound approach to evaluate the impact of an attack on a computer system. However, let us note that this approach is general enough to be applied to any critical infrastructure. More specifically, we propose to use fuzzy measures and integrals, in a decision-theoretic setting to measure the consequences of an attack on a computer network. Any computer system has vulnerabilities which can be exploited. If someone uses these vulnerabilities, valuable information may be lost, stolen, corrupted, or misused. This is particularly important for systems that are part of critical infrastructures. Therefore, it is crucial to be able to quantify the impact that an attack may have on a computer system, in terms of confidentiality, availability and integrity (CIA). Once the impact quantification is available, it is possible to design sound strategies to protect systems. A very natural approach to weigh the consequences of an attack is to use multi-criteria decision making (MCDM) techniques
Keywords :
data integrity; data privacy; decision making; decision theory; fuzzy set theory; security of data; attack consequence measurement; computer network; computer system attacks; computer system vulnerability; critical infrastructure; decision theory; fuzzy integration; fuzzy measures; impact quantification; interval computation; multicriteria decision making; system availability; system confidentiality; system integrity; valuable information; Computer crime; Computer networks; Decision making; File servers; Fuzzy sets; Fuzzy systems; IP networks; Internet; Network servers; Protection;
Conference_Titel :
Fuzzy Systems, 2005. FUZZ '05. The 14th IEEE International Conference on
Conference_Location :
Reno, NV
Print_ISBN :
0-7803-9159-4
DOI :
10.1109/FUZZY.2005.1452513
