E. Jonsson and T. Olovsson. A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior. IEEE Transactions on Software Engineering, 23(4):235-- 245, April 1997.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....attempts have been made to use it to assess system security. Early work on probabilistic quantification of security was done by Littlewood et al. 8] That exploratory work primarily suggested questions that must be answered in order to make probabilistic security evaluation viable. Jonsson et al. [6] conducted several experiments and presented a quantitative model of a security intrusion based on attacker behavior. Their approach considers only one source of uncertainty in security validation: the behavior of the attacker. Several attempts have been made to build models that take into account ....

....intervention; hence, we do not model manual repair of excluded domains hosts, and can run out of domains hosts to start new replicas to replace the killed ones. We make several assumptions about attacker behavior. We have based our attacker model on the experiments conducted by Jonsson et al. [6], which suggest that there are three distinct classes of attacks: script based attacks, more exploratory attacks, and totally innovative attacks. The script based attacks are generally the most frequent, and are usually employed by inexperienced enthusiasts using scripts downloaded from the ....

E. Jonsson and T. Olovsson. A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior. IEEE Trans. on Software Engineering, 23(4):235--245, Apr. 1997.

....under consideration is a distributed system, the fault triggers may depend on its global state because attackers may utilize all the information they have about the di#erent nodes of the system while perpetrating an attack. Previous work in the area of modelling intrusion tolerance suggests [JO97] that attack behavior can be modelled using Markov chains. More recent work [SCS03] uses information about the global state of the system (the state of multiple servers) to determine future attack rates. Extended to support model driven injection as described above, global state based fault ....

E. Jonsson and T. Olovsson. A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior. IEEE Transactions on Software Engineering, 23(4):235--245, April 1997.

....rather than explaining why objects fell, rolled, or flew. Our belief is that the current pre scientific state of security research is fundamentally due to a lack of reasonable metrics. Furthermore, although there exist a few experimental methods for assessing security (i.e. tiger teaming [5]) these methods are not yet particularly meaningful in the context of science, where quantitative evaluation for comparison, modeling, and measurement of achievement is central. The main questions we are interested in addressing are: Question 1: How could one measure security ....

Erland Jonsson and Tomas Olovsson. A quantitative model of the security intrusion process based on attacker behavior. IEEE Transactions on Software Engineering, 23(4), April 1997.

....Thus, we have security function, effort to next breach distribution, and security hazard rate like the reliability function, time to next failure distribution, and reliability hazard rate respectively as in reliability theory. One of the works to fit system security into a mathematical model is [3], which presents an experiment to model the attacker behavior. The results show that during the standard attack phase , assuming breaches are independent and stochastically identical, the period of working time of a single attacker between successive breaches is found to be exponentially ....

....Fig. 2. A Mobile Agent Travelling on a Network Now, let us consider a mobile agent travelling through n hosts on the network, as illustrated in Figure 2. Each host, and the agent itself, is modeled as an abstract machine as in [1] We consider only the standard attack phase described in [3] by malicious hosts. On arrival at a malicious host, the mobile agent is subject to an attack effort from the host. Because the host is modeled as a machine, it is reasonable to estimate the attack effort by the number of instructions for the attack to carry out, Agent Host 1 Host 2 Host n . ....

Erland Jonsson. "A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior". In IEEE Transactions on Software Engineering, Vol. 23, No. 4. IEEE, April

....expert system for misuse detection. The statistical and rule based components function in parallel and independently of each other. A separate component, the resolver, is used to filter and combine evidence from the two detection modules to determine a final outcome. The studies reported in [ Jonsson and Olovsson, 1997 ] suggest that a typical 16 attack session can be split into three phases: a learning phase, a standard attack phase, and an innovative attack phase. During the learning phase, an inexperienced attacker learns about the target system s limitations, features and vulnerabilities to prepare himself ....

E. Jonsson and T. Olovsson. A quantitative model of the security intrusion process based on attacker behavior. IEEE Transactions on Software Engineering, 23(4), April 1997.

....policies. An important component of the course is a laboratory project. During the first years of the course, the students were asked to evaluate the security of a target system by means of attacking it. The results of those experiments have been presented in many research papers, including [14]. The synergy between our research and education in security has been very fruitful for both fields. It is obvious that our research would not have been what it is today without the Applied Computer Security course. This elective has been much appreciated, and students have claimed that it has ....

....from the Internet [16] An exploit script is a program designed and published by a skilled attacker. When executed, it will automatically carry out an attack on the target system. We claim that we have successfully modeled the infamous insider threat and that our results are of general value [14]. The second question is how well the students reports correspond to reality. The set of actions actually carried out by the attackers in our experiments is largely in agreement with the set of actions documented by the attackers in their reports, but the sets are not identical. There are indeed ....

Erland Jonsson and Tomas Olovsson. A quantitative model of the security intrusion process based on attacker behavior. IEEE Transactions on Software Engineering, 2(4):235--245, April 1997.

....logging the full path name of every command, together with all arguments, the proposed auditing policy is much more difficult to trick. 4 The logging during the data collection experiment 4. 1 The experiment During the years 1993 1996, we performed a number of intrusion experiments in UNIX systems [Jons97, Olov95]. The original goal of these experiments was quantitative modelling of operational security, that is, we tried to find measures for security that would reflect the system s ability to resist attacks. In order to do so, extensive logging and reporting were enforced and a great deal of data were ....

Erland Jonsson and Tomas Olovsson. "A Quantitative Model of the Security Intrusion Process Based on Attacker behaviour." In IEEE Transactions on Software Engineering, vol. 23, No. 4, April 1997.

No context found.

E. Jonsson and T. Olovsson. A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior. IEEE Transactions on Software Engineering, 23(4):235-- 245, April 1997.

No context found.

E. Jonsson and T. Olovsson. A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior. IEEE Transactions on Software Engineering, 23(4):235--245, April 1997.

No context found.

Erland Jonsson. "A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior". In IEEE Transactions on Software Engineering, Vol. 23, No. 4. IEEE, April 1997. 78

No context found.

Jonsson, E. and Olovsson, T. (1997). A quantitative model of the security intrusion process based on attacker behavior. IEEE Transactions on Software Engineering, 23(4):235245.

No context found.

E. Jonsson et al. "A Quantitative Model of the Security Intrusion Process Based on Attacker Behavior", IEEE Transactions on Software Engineering, Vol. 23, No.4, pp. 235-245, April 1997.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC