首页> 外文期刊>Dependable and Secure Computing, IEEE Transactions on >Dynamic Security Risk Management Using Bayesian Attack Graphs
【24h】

Dynamic Security Risk Management Using Bayesian Attack Graphs

机译:使用贝叶斯攻击图的动态安全风险管理

获取原文
获取原文并翻译 | 示例

摘要

Security risk assessment and mitigation are two vital processes that need to be executed to maintain a productive IT infrastructure. On one hand, models such as attack graphs and attack trees have been proposed to assess the cause-consequence relationships between various network states, while on the other hand, different decision problems have been explored to identify the minimum-cost hardening measures. However, these risk models do not help reason about the causal dependencies between network states. Further, the optimization formulations ignore the issue of resource availability while analyzing a risk model. In this paper, we propose a risk management framework using Bayesian networks that enable a system administrator to quantify the chances of network compromise at various levels. We show how to use this information to develop a security mitigation and management plan. In contrast to other similar models, this risk model lends itself to dynamic analysis during the deployed phase of the network. A multiobjective optimization platform provides the administrator with all trade-off information required to make decisions in a resource constrained environment.
机译:安全风险评估和缓解是必须执行的两个重要流程,以维护高效的IT基础架构。一方面,已经提出了诸如攻击图和攻击树之类的模型来评估各种网络状态之间的因果关系,另一方面,已经探索了不同的决策问题以识别最低成本的强化措施。但是,这些风险模型无法帮助推断网络状态之间的因果关系。此外,优化公式在分析风险模型时忽略了资源可用性的问题。在本文中,我们提出了一种使用贝叶斯网络的风险管理框架,该框架使系统管理员能够量化各个级别的网络受到破坏的机会。我们展示了如何使用此信息来制定安全缓解和管理计划。与其他类似模型相比,此风险模型可在网络部署阶段进行动态分析。多目标优化平台为管理员提供了在资源受限的环境中进行决策所需的所有权衡信息。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有
  • 客服微信

  • 服务号