La vitrine de diffusion des publications et contributions des chercheurs de l'ÉTS
RECHERCHER

A defense-centric model for multi-step attack damage cost evaluation

Shameli-Sendi, Alireza et Louafi, Habib et He, Wenbo et Cheriet, Mohamed. 2015. « A defense-centric model for multi-step attack damage cost evaluation ». In 2015 3rd International Conference on Future Internet of Things and Cloud (FiCloud) (Rome, Italy, Aug. 24-26, 2015), p. 145-149. IEEE.

[img]
Prévisualisation
PDF
Cheriet M. 2015 12253 A defense-centric model for multi-step.pdf - Version acceptée
Licence d'utilisation : Tous les droits réservés aux détenteurs du droit d'auteur.

Télécharger (2MB) | Prévisualisation

Résumé

Measuring the attack damage cost and monitoring the sequence of privilege escalations play a critical role in choosing the right countermeasure by Intrusion Response System (IRS). The existing attack damage cost evaluation approaches inherit some limitations, such as neglecting the dependencies between system assets, ignoring the backward damage of exploited non-goal services, or omitting the potential damage toward the goal service. In this paper, we propose a defense-centric model to calculate the damage cost of a multi-step attack. The main advantage of this model is providing an accurate damage cost by considering not only the damaged services (non-goal services) but also the potential damage toward the attacker target (goal service). To track the attacker's progress and find the attack path, an Attack-Defense Tree (ADT) is used. The model has been implemented in, but is not limited to, the cloud environment and tested with a multi-step attack scenario.

Type de document: Compte rendu de conférence
Professeur:
Professeur
Cheriet, Mohamed
Affiliation: Génie de la production automatisée
Date de dépôt: 03 févr. 2016 20:40
Dernière modification: 08 mars 2016 17:00
URI: http://espace2.etsmtl.ca/id/eprint/12253

Actions (Authentification requise)

Dernière vérification avant le dépôt Dernière vérification avant le dépôt

Statistiques de téléchargement

Plus de statistiques ...