Abstract | ||
---|---|---|
Cybersecurity is an increasingly important challenge for computer systems. In this work, cyberattacks were modeled using an extension of the well-known Petri net formalism. That formalism, designated Petri nets with players, strategies, and costs, models the states of the cyberattack and events during the attack as markings and transition firings in the net respectively. The formalism models the attacker and defender as competing players who may observe the marking of a subset of the net and based on the observed marking act by changing the stochastic firing rates of a subset of the transitions in order to achieve their competing goals. Rate changes by the players incur a cost. Using the formalism, nets were constructed to model specific cyberattack patterns (cross-site scripting and spear phishing) documented in the Common Attack Pattern Enumeration and Classification database. The models were validated by a panel of cybersecurity experts in a structured face validation process. |
Year | DOI | Venue |
---|---|---|
2020 | 10.1016/j.cose.2020.101738 | Computers & Security |
Keywords | DocType | Volume |
Cybersecurity,Modeling,Petri Net,Machine Learning,CAPEC,Reinforcement Learning | Journal | 92 |
ISSN | Citations | PageRank |
0167-4048 | 0 | 0.34 |
References | Authors | |
0 | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
John A. Bland | 1 | 0 | 0.34 |
Mikel D. Petty | 2 | 68 | 12.54 |
Tymaine S. Whitaker | 3 | 0 | 0.34 |
Katia P. Maxwell | 4 | 0 | 0.34 |
Walter Alan Cantrell | 5 | 0 | 0.34 |