Formalization of Attack Prediction Problem

Abstract

The use of information is inextricably linked with its security. The presence of vulnerabilities enables a third party to breach the security of information. Threat modeling helps to identify those infrastructure areas, which would be most likely exposed to attacks. In some cases, threat modeling cannot be classified as sufficient protection method. This paper entitled "Formalization of attack prediction problem" presents an analysis of different techniques with an attempt to identify the most informative parameters and attack prediction markers, which would lay the foundation for the development of attack probability functions. The obtained functional dependencies should be formally verified for further testing by a real system. The findings of this research could be applied during the future assessment of information system risk levels to ensure more effective information security management.