Abstract
Existing risk propagation models are inadequate for analyzing cyber attacks caused by the various threats to information systems, because they focus on only one specific threat, such as a single virus or worm. We therefore propose a risk propagation model based on the Markov process that can be applied to diverse threats to information systems. To verify the proposed model, simulations are performed using five scenarios, including the case in which a threat occurs in relation to other threats.
"This research was supported by the MIC (Ministry of Information and Communication), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Advancement)" (IITA-2006-(C1090-0603-0025)).
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kim, YG., Jeong, D., Park, SH., Lim, J., Baik, DK. (2007). Modeling and Simulation for Security Risk Propagation in Critical Information Systems. In: Wang, Y., Cheung, Ym., Liu, H. (eds) Computational Intelligence and Security. CIS 2006. Lecture Notes in Computer Science, vol 4456. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74377-4_90
DOI: https://doi.org/10.1007/978-3-540-74377-4_90
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74376-7
Online ISBN: 978-3-540-74377-4
eBook Packages: Computer Science (R0)