Name
Title | ||
|---|---|---|
A Novel Threat and Risk Assessment Mechanism for Security Controls in Service Management |
Abstract | ||
|---|---|---|
Most existing Threat and Risk Assessment (TRA) schemes for cloud services use a converse thinking approach to develop theoretical solutions for minimizing the risk of security breeches at a minimal cost. However, to support rational management decisions, TRA schemes require a careful analysis of the trade-off between the residual risk and the Return on Investment (ROI) given prescribed budget and time constraints. Accordingly, the present study proposes an improved Attack-Defense Tree mechanism designated as iADTree, for solving the TRA problem in cloud computing environments. The proposed scheme enables defenders to identify appropriate countermeasures in accordance with three different defensive strategies associated with the organization's security policy. In implementing the proposed scheme, a sandbox technique is used to examine the attack profile and attack probability of various forms of cyber attacks. The cost and residual risk of various defensive strategies are then evaluated and presented to the defender as a set of recommendations. Defense evaluation metrics for each node for probabilistic analysis is used to simulate the attack results. The simulations focus specifically on the attack profile of botnet to the threat risk assessment. The validity of the proposed approach is demonstrated by simulating the TRA process for a Zeus botnet attack. Overall, the results show that iADTree provides an effective means of modeling the interaction process between the attacker and the defender, analyzing the risk at each node of the tree given various defensive strategies, and developing cost-effective countermeasures for mitigating the network threat. |
Year | DOI | Venue |
|---|---|---|
2013 | 10.1109/ICEBE.2013.52 | ICEBE |
Keywords | Field | DocType |
cost-benefit analysis,budgeting,zeus botnet attack,security controls,various defensive strategy,probabilistic analysis,attack probability,residual risk,attack profile,novel threat,cloud services,time constraints,attack-defense tree mechanism,roi,tra problem,threat and risk assessment,attack-defense tree,return on investment,proposed scheme,risk assessment,risk management,attack result,tra schemes,investment,iadtree,threat risk assessment,service management,cloud computing,threat assessment,budget constraints,risk assessment mechanism,cyber attacks,cyber attack,security of data,probability,cost benefit analysis | Sandbox (computer security),Security controls,Return on investment,Botnet,Computer security,Computer science,Risk assessment,Risk management,Security policy,Cloud computing | Conference |
Citations | PageRank | References |
1 | 0.35 | 3 |
Authors | ||
3 | ||
Name | Order | Citations | PageRank |
|---|---|---|---|
| Ping Wang | 1 | 235 | 15.84 |
| Kuo-Ming Chao | 2 | 1123 | 130.82 |
| Chi-Chun Lo | 3 | 593 | 54.99 |