Security modelling and analysis of dynamic enterprise networks

Simon Enoch Yusuf, Mengmeng Ge, Jin B. Hong, Huy Kang Kim, Paul Kim, Dong Seong Kim

Research output: Chapter in Book/Conference paperConference paper

21 Citations (Scopus)

Abstract

Dynamic networks can be characterised by many factors such as changes (e.g., vulnerability change, update of applications and services, topology changes). It is of vital importance to assess the security of such dynamic networks in order to improve the security of them. One way to assess the security is to use a graphical security model. However, the existing graphical security models (e.g., attack graphs and attack trees) have only considered static networks (i.e. the network does not change). It is also unclear how the existing cyber security metrics (e.g., attack cost, shortest attack path) change when the network configuration changes over time. To address this problem, we propose (i) to develop a novel graphical security model named Temporal-Hierarchical Attack Representation Model (T-HARM) to capture network changes and (ii) investigate the effect of network change on the existing cyber security metrics based on the proposed security model. We show how the existing security metrics change when the status of vulnerabilities changes.

Original languageEnglish
Title of host publicationProceedings - 2016 16th IEEE International Conference on Computer and Information Technology, CIT 2016, 2016 6th International Symposium on Cloud and Service Computing, IEEE SC2 2016 and 2016 International Symposium on Security and Privacy in Social Networks and Big Data, SocialSec 2016
Place of PublicationUSA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Pages249-256
Number of pages8
ISBN (Electronic)9781509043149
DOIs
Publication statusPublished - 10 Mar 2017
Externally publishedYes
Event16th IEEE International Conference on Computer and Information Technology, CIT 2016 - Nadi, Fiji
Duration: 7 Dec 201610 Dec 2016

Conference

Conference16th IEEE International Conference on Computer and Information Technology, CIT 2016
CountryFiji
CityNadi
Period7/12/1610/12/16

Fingerprint Dive into the research topics of 'Security modelling and analysis of dynamic enterprise networks'. Together they form a unique fingerprint.

Cite this