Modeling cybersecurity risks: Proof of concept of a holistic approach for integrated risk quantification

Diane Henshel, Alexander Alexeev, Mariana Cains, Jeff Rowe, Hasan Cam, Blaine Hoffman, Iulian Neamtiu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Decision-making in cyber-security is mostly ad-hoc and highly reliant on static policies, as well as human intervention. This does not fit current networks/systems, as they are highly dynamic systems where security assessments have to be performed, and decisions have to be made, automatically and in real-Time. To address this problem, we propose a risk-based approach to cybersecurity decision-making. In our model, the system undergoes a continuous security risk assessment based on risk; decisions for each action are taken based on constructing a sequence of alternative actions and weighing the cost-benefit trade-offs for each alternative. We demonstrate the utility of our system on a concrete example involving protecting an SQL server from SQL injection attacks. We also discuss the challenges associated with implementing our model.

Original languageEnglish (US)
Title of host publication2016 IEEE Symposium on Technologies for Homeland Security, HST 2016
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)9781509007707
DOIs
StatePublished - Sep 14 2016
Event2016 IEEE Symposium on Technologies for Homeland Security, HST 2016 - Waltham, United States
Duration: May 10 2016May 11 2016

Publication series

Name2016 IEEE Symposium on Technologies for Homeland Security, HST 2016

Other

Other2016 IEEE Symposium on Technologies for Homeland Security, HST 2016
CountryUnited States
CityWaltham
Period5/10/165/11/16

All Science Journal Classification (ASJC) codes

  • Computer Vision and Pattern Recognition
  • Safety Research
  • Computer Science Applications
  • Computer Networks and Communications
  • Law

Keywords

  • SQL injection
  • cybersecurity
  • dynamic risk
  • risk assessment
  • risk calculation

Fingerprint Dive into the research topics of 'Modeling cybersecurity risks: Proof of concept of a holistic approach for integrated risk quantification'. Together they form a unique fingerprint.

Cite this