Near Real-time Risk Assessment Using Hidden Markov Models.

摘要

Business objectives and methods in an organization change periodically. Their supporting Information Systems (ISs) change even more dynamically for various reasons: system upgrades, software patches, routine maintenance, and intentionally or unintentionally induced attacks. Unless regular, routine, and timely risk assessments are conducted, changes in IS risks may never be noticed. Risk assessments need to be performed more frequently and faster in order to discover potential threats and to determine the changes that must be made to corporate computing environments to address them. Furthermore, conducting risk assessments on organizational assets can be time consuming, burdensome, and misleading in many cases because of the dynamically changing security states of assets. In theory, each asset can change its security states from one of secure, mitigated, vulnerable, or compromised. However, the secure state is only temporary and imaginary; it may never exist. Therefore, it is more accurate to say that each asset changes its security state from mitigated, vulnerable, or compromised. If we can predict an asset's future security state based on its current security state, we would have a good indicator of risk for the organization's mission-critical assets. Similarly, if risk factors of each mission critical asset could be quantified in near real-time, a risk assessment could be valuable in informing organizational stakeholders of the level of risk of their mission critical assets, which would then aid in their risk mitigation decisions. Quantifying organizational IS risk factors could be meaningful to an organization because quantifying risk levels could prompt a solution space in mitigating risks.;In this research, we introduce an effective risk assessment using hidden Markov models (HMMs) in order to predict future security states and to quantify dynamically changing organizational IS assets by exploring possible security states from an insider user's perspective. HMMs have been used in many scientific fields to predict future states based on current states. Using these models, organizational mission critical assets could be assessed for their risk levels in a near real-time basis to determine the future risk level of each dynamically changing asset due to internally or externally induced threats.