Estimating Loss Due to Cyber-Attack in the Presence of Uncertainty

Cyber-security risk assessment includes estimation of losses possible to a system due to cyber-attacks. As there are uncertain elements to this and as we model uncertainty using probability, we seek to estimate the attack loss distribution. In particular, the tail of the distribution represents the...

Full description

Saved in:
Bibliographic Details
Main Authors: Nguyen, Hoang Hai, Nicol, David M.
Format: Conference Proceeding
Language:English
Subjects:
analytically optimal importance sampling scheme
attack loss distribution
attack loss threshold increases
computational complexity
cyber-attack
cyber-security risk assessment
high-impact events
importance sampling
loss tail probability
low-probability
model uncertainty
Monte Carlo methods
Monte Carlo simulation
novel cyber-security risk assessment approach
probabilistic attack graphs
probability
rare event realizations
risk management
Scalability
Search problems
Security
security of data
standard Monte Carlo techniques
Uncertainty
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Cyber-security risk assessment includes estimation of losses possible to a system due to cyber-attacks. As there are uncertain elements to this and as we model uncertainty using probability, we seek to estimate the attack loss distribution. In particular, the tail of the distribution represents the low-probability but high-impact events. However, quantifying those events using standard Monte Carlo techniques is inefficient due to the low probability. This paper proposes a novel cyber-security risk assessment approach based on uncertain graphs, with an emphasis on modeling losses due to cyber-attacks. Under rare event realizations where the attack loss is greater than a selected threshold, we (i) derive the analytically optimal importance sampling scheme for the loss tail probability and (ii) propose an approximation to the optimal importance sampling scheme which has the assurance of bounded relative error. While the approximation scheme requires solving an NP-hard problem, we use a search procedure that becomes more efficient as the attack loss threshold increases. A case study on a medium-sized network demonstrates the use and performance of our approach.
ISSN:2324-9013
DOI:10.1109/TrustCom50675.2020.00057