Integrating attacker behavior in IT security analysis: A discrete-event simulation approach

Ekelhart A, Kiesling E, Grill B, Strauss C, Stummer C (2015)
Information Technology and Management 16(3): 221-233.

Zeitschriftenaufsatz | Veröffentlicht | Englisch
 
Download
Es wurden keine Dateien hochgeladen. Nur Publikationsnachweis!
Autor*in
Ekelhart, Andreas; Kiesling, Elmar; Grill, Bernhard; Strauss, Christine; Stummer, ChristianUniBi
Abstract / Bemerkung
When designing secure information systems, a profound understanding of the threats that they are exposed to is indispensable. Today's most severe risks come from malicious threat agents exploiting a variety of attack vectors to achieve their goals, rather than from random opportunistic threats such as malware. Most security analyses, however, focus on fixing technical weaknesses, but do not account for sophisticated combinations of attack mechanisms and heterogeneity in adversaries' motivations, resources, capabilities, or points of access. In order to address these shortcomings and, thus, to provide security analysts with a tool that makes it possible to also identify emergent weaknesses that may arise from dynamic interactions of attacks, we have combined rich conceptual modeling of security knowledge with attack graph generation and discrete-event simulation techniques. This paper describes the prototypical implementation of the resulting security analysis tool and demonstrates how it can be used for an experimental evaluation of a system's resilience against various adversaries.
Stichworte
IT security; Modeling and simulation; Secure systems analysis and design; Attacker behavior
Erscheinungsjahr
2015
Zeitschriftentitel
Information Technology and Management
Band
16
Ausgabe
3
Seite(n)
221-233
ISSN
1385-951X
eISSN
1573-7667
Page URI
https://pub.uni-bielefeld.de/record/2769350

Zitieren

Ekelhart A, Kiesling E, Grill B, Strauss C, Stummer C. Integrating attacker behavior in IT security analysis: A discrete-event simulation approach. Information Technology and Management. 2015;16(3):221-233.
Ekelhart, A., Kiesling, E., Grill, B., Strauss, C., & Stummer, C. (2015). Integrating attacker behavior in IT security analysis: A discrete-event simulation approach. Information Technology and Management, 16(3), 221-233. doi:10.1007/s10799-015-0232-6
Ekelhart, A., Kiesling, E., Grill, B., Strauss, C., and Stummer, C. (2015). Integrating attacker behavior in IT security analysis: A discrete-event simulation approach. Information Technology and Management 16, 221-233.
Ekelhart, A., et al., 2015. Integrating attacker behavior in IT security analysis: A discrete-event simulation approach. Information Technology and Management, 16(3), p 221-233.
A. Ekelhart, et al., “Integrating attacker behavior in IT security analysis: A discrete-event simulation approach”, Information Technology and Management, vol. 16, 2015, pp. 221-233.
Ekelhart, A., Kiesling, E., Grill, B., Strauss, C., Stummer, C.: Integrating attacker behavior in IT security analysis: A discrete-event simulation approach. Information Technology and Management. 16, 221-233 (2015).
Ekelhart, Andreas, Kiesling, Elmar, Grill, Bernhard, Strauss, Christine, and Stummer, Christian. “Integrating attacker behavior in IT security analysis: A discrete-event simulation approach”. Information Technology and Management 16.3 (2015): 221-233.

Export

Markieren/ Markierung löschen
Markierte Publikationen

Open Data PUB

Web of Science

Dieser Datensatz im Web of Science®

Suchen in

Google Scholar