Automated security investment analysis of dynamic networks

Simon Enoch Yusuf, Jin Bum Hong, Mengmeng Ge, Hani Alzaid, Dong Seong Kim

Research output: Chapter in Book/Conference paperConference paper

1 Citation (Scopus)

Abstract

It is important to assess the cost benefits of IT security investments. Typically, this is done by manual risk assessment process. In this paper, we propose an approach to automate this using graphical security models (GSMs). GSMs have been used to assess the security of networked systems using various security metrics. Most of the existing GSMs assumed that networks are static, however, modern networks (e.g., Cloud and Software Defined Networking) are dynamic with changes. Thus, it is important to develop an approach that takes into account the dynamic aspects of networks. To this end, we automate security investments analysis of dynamic networks using a GSM named Temporal-Hierarchical Attack Representation Model (T-HARM) in order to automatically evaluate the security investments and their effectiveness for a given period of time. We demonstrate our approach via simulations.
Original languageEnglish
Title of host publicationACSW '18 Proceedings of the Australasian Computer Science Week Multiconference
Place of PublicationUnited States
PublisherAssociation for Computing Machinery (ACM)
Number of pages10
ISBN (Print)9781450354363
DOIs
Publication statusPublished - 2018
Externally publishedYes
Event2018 Australasian Computer Science Week Multiconference - Brisbane, Australia
Duration: 29 Jan 20182 Feb 2018

Conference

Conference2018 Australasian Computer Science Week Multiconference
Abbreviated titleACSW '18
CountryAustralia
CityBrisbane
Period29/01/182/02/18

Fingerprint

Risk assessment
Costs
Software defined networking

Cite this

Yusuf, S. E., Hong, J. B., Ge, M., Alzaid, H., & Kim, D. S. (2018). Automated security investment analysis of dynamic networks. In ACSW '18 Proceedings of the Australasian Computer Science Week Multiconference [6] United States: Association for Computing Machinery (ACM). https://doi.org/10.1145/3167918.3167964
Yusuf, Simon Enoch ; Hong, Jin Bum ; Ge, Mengmeng ; Alzaid, Hani ; Kim, Dong Seong. / Automated security investment analysis of dynamic networks. ACSW '18 Proceedings of the Australasian Computer Science Week Multiconference. United States : Association for Computing Machinery (ACM), 2018.
@inproceedings{9c3a54801dc74ba2a0395aa6a6ad0f88,
title = "Automated security investment analysis of dynamic networks",
abstract = "It is important to assess the cost benefits of IT security investments. Typically, this is done by manual risk assessment process. In this paper, we propose an approach to automate this using graphical security models (GSMs). GSMs have been used to assess the security of networked systems using various security metrics. Most of the existing GSMs assumed that networks are static, however, modern networks (e.g., Cloud and Software Defined Networking) are dynamic with changes. Thus, it is important to develop an approach that takes into account the dynamic aspects of networks. To this end, we automate security investments analysis of dynamic networks using a GSM named Temporal-Hierarchical Attack Representation Model (T-HARM) in order to automatically evaluate the security investments and their effectiveness for a given period of time. We demonstrate our approach via simulations.",
author = "Yusuf, {Simon Enoch} and Hong, {Jin Bum} and Mengmeng Ge and Hani Alzaid and Kim, {Dong Seong}",
year = "2018",
doi = "10.1145/3167918.3167964",
language = "English",
isbn = "9781450354363",
booktitle = "ACSW '18 Proceedings of the Australasian Computer Science Week Multiconference",
publisher = "Association for Computing Machinery (ACM)",
address = "United States",

}

Yusuf, SE, Hong, JB, Ge, M, Alzaid, H & Kim, DS 2018, Automated security investment analysis of dynamic networks. in ACSW '18 Proceedings of the Australasian Computer Science Week Multiconference., 6, Association for Computing Machinery (ACM), United States, 2018 Australasian Computer Science Week Multiconference, Brisbane, Australia, 29/01/18. https://doi.org/10.1145/3167918.3167964

Automated security investment analysis of dynamic networks. / Yusuf, Simon Enoch; Hong, Jin Bum; Ge, Mengmeng; Alzaid, Hani; Kim, Dong Seong.

ACSW '18 Proceedings of the Australasian Computer Science Week Multiconference. United States : Association for Computing Machinery (ACM), 2018. 6.

Research output: Chapter in Book/Conference paperConference paper

TY - GEN

T1 - Automated security investment analysis of dynamic networks

AU - Yusuf, Simon Enoch

AU - Hong, Jin Bum

AU - Ge, Mengmeng

AU - Alzaid, Hani

AU - Kim, Dong Seong

PY - 2018

Y1 - 2018

N2 - It is important to assess the cost benefits of IT security investments. Typically, this is done by manual risk assessment process. In this paper, we propose an approach to automate this using graphical security models (GSMs). GSMs have been used to assess the security of networked systems using various security metrics. Most of the existing GSMs assumed that networks are static, however, modern networks (e.g., Cloud and Software Defined Networking) are dynamic with changes. Thus, it is important to develop an approach that takes into account the dynamic aspects of networks. To this end, we automate security investments analysis of dynamic networks using a GSM named Temporal-Hierarchical Attack Representation Model (T-HARM) in order to automatically evaluate the security investments and their effectiveness for a given period of time. We demonstrate our approach via simulations.

AB - It is important to assess the cost benefits of IT security investments. Typically, this is done by manual risk assessment process. In this paper, we propose an approach to automate this using graphical security models (GSMs). GSMs have been used to assess the security of networked systems using various security metrics. Most of the existing GSMs assumed that networks are static, however, modern networks (e.g., Cloud and Software Defined Networking) are dynamic with changes. Thus, it is important to develop an approach that takes into account the dynamic aspects of networks. To this end, we automate security investments analysis of dynamic networks using a GSM named Temporal-Hierarchical Attack Representation Model (T-HARM) in order to automatically evaluate the security investments and their effectiveness for a given period of time. We demonstrate our approach via simulations.

U2 - 10.1145/3167918.3167964

DO - 10.1145/3167918.3167964

M3 - Conference paper

SN - 9781450354363

BT - ACSW '18 Proceedings of the Australasian Computer Science Week Multiconference

PB - Association for Computing Machinery (ACM)

CY - United States

ER -

Yusuf SE, Hong JB, Ge M, Alzaid H, Kim DS. Automated security investment analysis of dynamic networks. In ACSW '18 Proceedings of the Australasian Computer Science Week Multiconference. United States: Association for Computing Machinery (ACM). 2018. 6 https://doi.org/10.1145/3167918.3167964