ورود
مقالات فارسیISIکنفرانسهاژورنالها

A Risk Estimation Framework for Security Threats in Computer Networks

محل انتشار: مجله محاسبات و امنیت، دوره: 7، شماره: 1
سال انتشار: 1399
نوع سند: مقاله ژورنالی
زبان: انگلیسی
مشاهده: 251

فایل این مقاله در 15 صفحه با فرمت PDF قابل دریافت می باشد

استخراج به نرم افزارهای پژوهشی:

لینک ثابت به این مقاله:
https://civilica.com/doc/1151381

شناسه ملی سند علمی:

JR_JCSE-7-1_003

تاریخ نمایه سازی: 19 بهمن 1399

چکیده مقاله:

In security risk management of computer networks, some challenges are more serious in large networks. Specifying and estimating risks is largely dependent on the knowledge of security experts. In this paper, a framework for security risk estimation is proposed to address this issue. It represents the security knowledge required for security risk estimation and utilizes current security metrics and vulnerability databases. This framework is a major step towards automating the process of security risk estimation so that a network administrator can estimate the risk of the network with less expertise and effort. As a case study, the proposed framework is applied to a sample network to show its applicability and usability in operational environments. The comparison of results with two existing methods showed the validity of the estimations given by the proposed framework.

کلیدواژه ها:

Security Threat ، analysis model ، Computer Networks ، Risk Estimation ، attack graph ، Bayesian network

نویسندگان

Razieh Rezaee

Data and Communication Security Lab., Computer Dept., Ferdowsi University of Mashhad, Iran.

Abbas Ghaemi Bafghi

Data and Communication Security Lab., Computer Dept., Ferdowsi University of Mashhad, Iran.

مراجع و منابع این مقاله:

لیست زیر مراجع و منابع استفاده شده در این مقاله را نمایش می دهد. این مراجع به صورت کاملا ماشینی و بر اساس هوش مصنوعی استخراج شده اند و لذا ممکن است دارای اشکالاتی باشند که به مرور زمان دقت استخراج این محتوا افزایش می یابد. مراجعی که مقالات مربوط به آنها در سیویلیکا نمایه شده و پیدا شده اند، به خود مقاله لینک شده اند :
  • X. Li, M. Li, and H. Wang. Research on Network Security Risk Assessment ...
  • B. Karabacak and I. Sogukpinar. ISRAM: information security risk analysis method. Computers ...
  • P. Saripalli and B. Walters. Quirc: A quantitative impact and risk assessment ...
  • CWE. Forum of Incident Response and Security, Common Vulnerability Scoring ...
  • CWE. Forum of Incident Response and Security, Common Weakness Scoring ...
  • A. Mukhopadhyay, S. Chatterjee, K. K. Bagchi, P. J. Kirs, and G. K. Shukla. Cyber ...
  • S. Kabir and Y. Papadopoulos. Applications of Bayesian networks and Petri nets ...
  • N. Poolsappasit, R. Dewri, and I. Ray. Dynamic security risk management using bayesian ...
  • B. Kordy, M. Pouly, and P. Schweitzer. Probabilistic reasoning with graphical security models. ...
  • M. Khosravi-Farmad, R. Rezaee, A. Harati, and A. G. Bafghi. Network security risk mitigation ...
  • M. Khosravi-Farmad, R. Rezaee, and A. G. Bafghi. Considering temporal and environmental characteristics ...
  • T. Sommestad, M. Ekstedt, and H. Holm. The cyber security modeling language: A ...
  • H. Holm, K. Shahzad, M. Buschle, and M. Ekstedt. P2CySeMoL: Predictive, Probabilistic Cyber Security ...
  • P. Ammann, D. Wijesekera, and S. Kaushik. Scalable, graph-based network vulnerability analysis. In ...
  • R. Rezaee, A. G. Bafghi, and M. Khosravi-Farmad. A threat risk estimation model ...
  • S. H. Houmb, V. N. Franqueira, and E. A. Engum. Quantifying security risk ...
  • J. Zhou, G. Reniers, and L. Zhang. Petri-net based attack time analysis in ...
  • X. Zhang and D. Zhang. Quantitative Risk Assessment of Cyber Physical Power ...
  • D. Pramod and S. V. Bharathi. Developing an Information Security Risk Taxonomy ...
  • S. Lee, S. Kim, K. Choi, and T. Shon. Game theory-based security vulnerability quantification ...
  • S. Musman and A. Turner. A game theoretic approach to cyber security ...
  • S. Yang, Y. Zhang, and C. Wu. Attack-Defense Quantification Based On Game-Theory. arXiv ...
  • Y. Yang, B. Che, Y. Zeng, Y. Cheng, and C. Li. MAIAD: a multistage asymmetric ...
  • K. Zhang. Analysis method based on rough attack-defense Bayes game model. ...
  • T. Sommestad, M. Ekstedt, and P. Johnson. Combining defense graphs and enterprise architecture ...
  • V. Lisy and R. Píbil. Computing optimal attack strategies using unconstrained influence ...
  • A. Laszka, M. Felegyhazi, and L. Buttyan. A survey of interdependent information security ...
  • A. R. Hota and S. Sundaram. Interdependent security games under behavioral probability ...
  • S. Amin, G. Schwartz A, and S. S. Sastry. Security of interdependent and ...
  • M. Abdallah, P. Naghizadeh, A. R. Hota, T. Cason, S. Bagchi, and S. Sundaram. Behavioral and ...
  • S. A. Hasheminasab, B. Tork Ladani, and T. Alpcan. Interdependent Security Game Design ...
  • W. Shang, T. Gong, C. Chen, J. Hou, and P. Zeng. Information Security Risk Assessment ...
  • A. T. Al Ghazo, M. Ibrahim, H. Ren, and R. Kumar. A2G2V: Automatic Attack Graph ...
  • M. Albanese, S. Jajodia, and S. Noel. Time-efficient and cost-effective network hardening using ...
  • S. Zhang and S. Song. A novel attack graph posterior inference model ...
  • T. Sommestad, M. Ekstedt, and P. Johnson. A probabilistic relational model for security ...
  • S. Russell and P. Norvig. Artificial Intelligence: A Modern Approach. Prentice Hall ...
  • K. Zhou, A. Martin, and Q. Pan. The belief noisy-or model applied to ...
  • J. Sembiring, M. Ramadhan, Y. S. Gondokaryono, and A. A. Arman. Network security risk ...
  • G. S. Bopche and B. M. Mehtre. Attack graph generation, visualization and ...
  • G. Stoneburner, A. Goguen, and A. Feringa. Risk management guide for information technology ...
  • R. S. Ross. Managing information security risk. Nist special publication, 2011. ...
  • CCMB. Common Criteria for Information Technology Security Evaluation, ISO/IEC 15408, ...
  • NIST. National Vulnerability Database. https://nvd.nist.gov/, Date Accessed: June 9, 2020. ...
  • CVE. CVE Reference Map for Source OSVDB. https://cve.mitre.org/data/refs/refmap/source-OSVDB.html, Date Accessed: ...
    • نمایش کامل مراجع