Abstract
With rapid development in the Internet technology, business management in an organization becomes dependent on network dependency and cohesiveness in a critical information and communications infrastructure. However, the occurrence of cyber attacks has increased, targeted against vulnerable resources in information systems. Hence, in order to protect private information and computer resources, risk analysis and damage propagation need to be studied. However, the existing models present mechanisms for risk management, and these models can only be applied to specified threats such as a virus or a worm. Therefore, a probabilistic model for damage propagation based on Markov process is proposed, which can be applied to diverse threats in information systems. The proposed model enables us to predict the occurrence probability and occurrence frequency of each threat in the information systems.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
In, H.P., Kim, Y.-G., Lee, T., Moon, C.-J., Jung, Y., Kim, I.: A Security Analysis Model for Information Systems. In: Baik, D.-K. (ed.) AsiaSim 2004. LNCS (LNAI), vol. 3398, pp. 505–513. Springer, Heidelberg (2005)
Stoneburner, G., Goguen, A., Feringa, A.: Risk Management Guide for Information Technology Systems, NIST Special Publication 800-30, NIST (2002)
GAO: Information Security Risk Assetment-Practices of Leading Organizations. GAO/AIMD-00-33 (1999)
Trivedi, K.S.: Probability and Statistics with Reliability, Queuing and Computer Science Applications, 2nd edn. Wiley Interscience, Chichester (2002)
Yates, R.D., Goodman, D.J.: Probability and Stochastic Process, 2nd edn. Wiley International, Chichester (2003)
KISA: Statistics and Analysis on Hacking and Virus, http://www.krcert.or.kr
Frauenthal, J.C.: Mathematical Modeling in Epidemiology. Springer, New York (1980)
Deley, D.J., Gani, J.: Epidemic Modeling: An Introduction. Cambridge University Press, Cambridge (1999)
Staniford, S., Paxson, V., Weaver, N.: How to Own the Internet in Your Spare Time. In: The proceedings of the 11th USENIX Security Symposium (Security 2002) (2002)
Zou, C.C., Gong, W., Towsley, D.: Worm Propagation Modeling and Analysis under Dynamic Quarantine Defense. In: ACM CCS Workshop on Rapid Malcode (WORM 2003) (2003)
Zou, C.C., Gong, W., Towsley, D.: Code Red Worm Propagation Modeling and Analysis. In: The proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 138–147 (2002)
Moore, D., Shannon, C., Voelker, G.M., Savage, S.: Internet Quarantine: Requirements for Containing Self-Propagating Code. The proceedings of IEEE INFOCOM (2003)
Chen, Z., Gao, L., Kwiat, K.: Modeling the Spread of Active Worms. The proceedings of IEEE INFOCOM 2003 (2003)
Vogt, T.: Simulating and Optimising Worm Propagation Algorithms (2003), http://web.lemuria.org/security/WormPropagation.pdf
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, YG., Lee, T., In, H.P., Chung, YJ., Kim, I., Baik, DK. (2006). A Probabilistic Approach to Estimate the Damage Propagation of Cyber Attacks. In: Won, D.H., Kim, S. (eds) Information Security and Cryptology - ICISC 2005. ICISC 2005. Lecture Notes in Computer Science, vol 3935. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11734727_16
Download citation
DOI: https://doi.org/10.1007/11734727_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33354-8
Online ISBN: 978-3-540-33355-5
eBook Packages: Computer ScienceComputer Science (R0)