Anand Handa, Subhasis Mukhopadhyay, Shankhadip Mallick, Nitesh Kumar, S. Shukla, Remish L. Minz, Sanjana Pai Nagarmat, R. Rakesh
{"title":"基于概率模型检验的网络资产网络风险评估","authors":"Anand Handa, Subhasis Mukhopadhyay, Shankhadip Mallick, Nitesh Kumar, S. Shukla, Remish L. Minz, Sanjana Pai Nagarmat, R. Rakesh","doi":"10.1109/CICT48419.2019.9066178","DOIUrl":null,"url":null,"abstract":"Attack path analysis to assess the path from the external facing entities to the inner hosts and network elements is a much researched problem. However, to compute a summary risk value per device, based on vulnerabilities discovered on a daily basis, is a much demanded capability in the arsenal of any security administrator of an enterprise network. Further, higher management such as CISOs have to be convinced with numerical risk comparisons to allow the down time required to patch the systems as opposed to defer it till a much later date during a scheduled shutdown. It must be noted that each security administrator's problem is different due to the difference in the structure and composition of the network they administer. Therefore, no industry data source can help in getting these numbers, as the risk numbers are specific to each network and its components. In this paper, we present a methodology based in probabilistic model checking to compute these risk scores for each device in an enterprise network.","PeriodicalId":234540,"journal":{"name":"2019 IEEE Conference on Information and Communication Technology","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Cyber Risk Assessment of Networked Cyber Assets using Probabilistic Model Checking\",\"authors\":\"Anand Handa, Subhasis Mukhopadhyay, Shankhadip Mallick, Nitesh Kumar, S. Shukla, Remish L. Minz, Sanjana Pai Nagarmat, R. Rakesh\",\"doi\":\"10.1109/CICT48419.2019.9066178\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Attack path analysis to assess the path from the external facing entities to the inner hosts and network elements is a much researched problem. However, to compute a summary risk value per device, based on vulnerabilities discovered on a daily basis, is a much demanded capability in the arsenal of any security administrator of an enterprise network. Further, higher management such as CISOs have to be convinced with numerical risk comparisons to allow the down time required to patch the systems as opposed to defer it till a much later date during a scheduled shutdown. It must be noted that each security administrator's problem is different due to the difference in the structure and composition of the network they administer. Therefore, no industry data source can help in getting these numbers, as the risk numbers are specific to each network and its components. In this paper, we present a methodology based in probabilistic model checking to compute these risk scores for each device in an enterprise network.\",\"PeriodicalId\":234540,\"journal\":{\"name\":\"2019 IEEE Conference on Information and Communication Technology\",\"volume\":\"28 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2019-12-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2019 IEEE Conference on Information and Communication Technology\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CICT48419.2019.9066178\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 IEEE Conference on Information and Communication Technology","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CICT48419.2019.9066178","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Cyber Risk Assessment of Networked Cyber Assets using Probabilistic Model Checking
Attack path analysis to assess the path from the external facing entities to the inner hosts and network elements is a much researched problem. However, to compute a summary risk value per device, based on vulnerabilities discovered on a daily basis, is a much demanded capability in the arsenal of any security administrator of an enterprise network. Further, higher management such as CISOs have to be convinced with numerical risk comparisons to allow the down time required to patch the systems as opposed to defer it till a much later date during a scheduled shutdown. It must be noted that each security administrator's problem is different due to the difference in the structure and composition of the network they administer. Therefore, no industry data source can help in getting these numbers, as the risk numbers are specific to each network and its components. In this paper, we present a methodology based in probabilistic model checking to compute these risk scores for each device in an enterprise network.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
