Modeling cybersecurity risks: Proof of concept of a holistic approach for integrated risk quantification
Document Type
Conference Proceeding
Publication Date
9-14-2016
Abstract
Decision-making in cyber-security is mostly ad-hoc and highly reliant on static policies, as well as human intervention. This does not fit current networks/systems, as they are highly dynamic systems where security assessments have to be performed, and decisions have to be made, automatically and in real time. To address this problem, we propose a risk-based approach to cybersecurity decision-making. In our model, the system undergoes a continuous security risk assessment based on risk; decisions for each action are taken based on constructing a sequence of alternative actions and weighing the cost-benefit trade-offs for each alternative. We demonstrate the utility of our system on a concrete example involving protecting an SQL server from SQL injection attacks. We also discuss the challenges associated with implementing our model.
Identifier
84991790865 (Scopus)
ISBN
9781509007707
Publication Title
2016 IEEE Symposium on Technologies for Homeland Security, HST 2016
External Full Text Location
https://doi.org/10.1109/THS.2016.7568937
Recommended Citation
Henshel, Diane; Alexeev, Alexander; Cains, Mariana; Rowe, Jeff; Cam, Hasan; Hoffman, Blaine; and Neamtiu, Iulian, "Modeling cybersecurity risks: Proof of concept of a holistic approach for integrated risk quantification" (2016). Faculty Publications. 10276.
https://digitalcommons.njit.edu/fac_pubs/10276
