Share Email Print
cover

Proceedings Paper

Impact modeling and prediction of attacks on cyber targets
Author(s): Aram Khalili; Brian Michalk; Lee Alford; Chris Henney; Logan Gilbert
Format Member Price Non-Member Price
PDF $14.40 $18.00
cover GOOD NEWS! Your organization subscribes to the SPIE Digital Library. You may be able to download this paper for free. Check Access

Paper Abstract

In most organizations, IT (information technology) infrastructure exists to support the organization's mission. The threat of cyber attacks poses risks to this mission. Current network security research focuses on the threat of cyber attacks to the organization's IT infrastructure; however, the risks to the overall mission are rarely analyzed or formalized. This connection of IT infrastructure to the organization's mission is often neglected or carried out ad-hoc. Our work bridges this gap and introduces analyses and formalisms to help organizations understand the mission risks they face from cyber attacks. Modeling an organization's mission vulnerability to cyber attacks requires a description of the IT infrastructure (network model), the organization mission (business model), and how the mission relies on IT resources (correlation model). With this information, proper analysis can show which cyber resources are of tactical importance in a cyber attack, i.e., controlling them enables a large range of cyber attacks. Such analysis also reveals which IT resources contribute most to the organization's mission, i.e., lack of control over them gravely affects the mission. These results can then be used to formulate IT security strategies and explore their trade-offs, which leads to better incident response. This paper presents our methodology for encoding IT infrastructure, organization mission and correlations, our analysis framework, as well as initial experimental results and conclusions.

Paper Details

Date Published: 28 April 2010
PDF: 9 pages
Proc. SPIE 7709, Cyber Security, Situation Management, and Impact Assessment II; and Visual Analytics for Homeland Defense and Security II, 77090M (28 April 2010); doi: 10.1117/12.849755
Show Author Affiliations
Aram Khalili, 21st Century Technologies, Inc. (United States)
Brian Michalk, 21st Century Technologies, Inc. (United States)
Lee Alford, 21st Century Technologies, Inc. (United States)
Chris Henney, 21st Century Technologies, Inc. (United States)
Logan Gilbert, 21st Century Technologies, Inc. (United States)


Published in SPIE Proceedings Vol. 7709:
Cyber Security, Situation Management, and Impact Assessment II; and Visual Analytics for Homeland Defense and Security II
William J. Tolone; John F. Buford; William Ribarsky; Gabriel Jakobson; John Erickson, Editor(s)

© SPIE. Terms of Use
Back to Top