k-Zero Day Safety: Measuring the Security Risk of Networks against Unknown Attacks
The security risk of a network against unknown zero day attacks has been considered as
something unmeasurable since software flaws are less predictable than hardware faults and …
something unmeasurable since software flaws are less predictable than hardware faults and …
Structural models for fog computing based internet of things architectures with insurance and risk management applications
Cybersecurity risk modeling and pricing are becoming a spotlight in actuarial science and
operational research. This paper pertains to the analysis of the cybersecurity risks involved …
operational research. This paper pertains to the analysis of the cybersecurity risks involved …
Quantitative cyber risk reduction estimation methodology for a small SCADA control system
MA McQueen, WF Boyer, MA Flynn… - Proceedings of the 39th …, 2006 - ieeexplore.ieee.org
We propose a new methodology for obtaining a quantitative measurement of the risk
reduction achieved when a control system is modified with the intent to improve cyber …
reduction achieved when a control system is modified with the intent to improve cyber …
An empirical evaluation of the effectiveness of attack graphs and fault trees in cyber-attack perception
Perceiving and understanding cyber-attacks can be a difficult task. This problem is widely
recognized and welldocumented, and more effective techniques are needed to aid cyber …
recognized and welldocumented, and more effective techniques are needed to aid cyber …
Multi-stage attack graph security games: Heuristic strategies, with empirical game-theoretic analysis
We study the problem of allocating limited security countermeasures to protect network data
from cyber-attacks, for scenarios modeled by Bayesian attack graphs. We consider multi …
from cyber-attacks, for scenarios modeled by Bayesian attack graphs. We consider multi …
[PDF][PDF] Quantitative assessment of operational security: Models and tools
This paper proposes a novel approach to help computing system administrators in
monitoring the security of their systems. This approach is based on modeling the system as …
monitoring the security of their systems. This approach is based on modeling the system as …
Automated generation of attack trees
Attack trees are widely used to represent threat scenarios in a succinct and intuitive manner,
suitable for conveying security information to non-experts. The manual construction of such …
suitable for conveying security information to non-experts. The manual construction of such …
[PDF][PDF] 基于攻击图模型的网络安全评估研究
王永杰, 鲜明, 刘进, 王国玉 - 通信学报, 2007 - infocomm-journal.com
基于攻击图模型的网络安全评估研究Study of network security evaluation based on attack
graph model Page 1 2007 年3 月 Journal on Communications March 2007 第28 卷第3 期 通信 …
graph model Page 1 2007 年3 月 Journal on Communications March 2007 第28 卷第3 期 通信 …
Adversary-driven state-based system security evaluation
E LeMay, W Unkenholz, D Parks, C Muehrcke… - Proceedings of the 6th …, 2010 - dl.acm.org
To provide insight on system security and aid decision-makers, we propose the ADversary
VIew Security Evaluation (ADVISE) method to quantitatively evaluate the strength of a …
VIew Security Evaluation (ADVISE) method to quantitatively evaluate the strength of a …
Distilling critical attack graph surface iteratively through minimum-cost sat solving
It has long been recognized that it can be tedious and even infeasible for system
administrators to figure out critical security problems residing in full attack graphs, even for …
administrators to figure out critical security problems residing in full attack graphs, even for …