Study on Prediction and Response Model for Threat Diffusion Based on Multi-Step Reachability Matrix

Bibliographic Details
Published in: Electronics (Basel) 2024-10, Vol.13 (19), p.3921
Main Authors: Lee, Jina; Jung, Subong; Cheagal, Daehoon; Jang, Jisoo; Shin, Dongkyoo
Format: Article
Language: English
Description
Summary: As the importance of defending against cyber attacks has increased, various studies have been conducted to analyze and utilize the reachability between hosts. Although this approach effectively explains asset-based threat responses by security personnel, it is limited as a means of strategic judgment by top decision makers considering the tasks of an organization in a large-scale network environment. The purpose of this study is to develop a method for simplifying the characteristics of the attack paths of a large number of hosts by projecting them to a higher-level organization and aiding in visualizing the impacts of threats. To achieve this, a methodology is presented that supports both strategic judgment by top decision makers, considering the tasks of lower-level organizational units, and asset-based responses. This is accomplished by analyzing asset-based impacts through the generation of a Multi-Step Reachability Matrix (MRM2) and the multi-threat synthesis of low-level threat diffusion paths at the asset level, while gradually abstracting the transition information of the corresponding threats to the higher-level organization. In this paper, the diffusion process is modeled through the connectivity between hosts, and it is expected that this approach will contribute to the development of a decision support model that meets the needs of both upper- and lower-level decision makers. This is achieved by reflecting a variety of factors that influence attack and defense. These factors include the importance of the organization’s mission or business to each asset, the criticality of the system function to which the asset belongs, the dependencies between assets, and the unique characteristics of the asset, including vulnerabilities, exploitation conditions, cyber resilience, and lifecycle costs.
ISSN: 2079-9292
DOI: 10.3390/electronics13193921