Expected losses, insurability, and benefits from reducing vulnerability to attacks.
- Cornell University, Ithaca, NY
A model of malicious attacks against an infrastructure system is developed that uses a network representation of the system structure together with a Hidden Markov Model of an attack at a node of that system and a Markov Decision Process model of attacker strategy across the system as a whole. We use information systems as an illustration, but the analytic structure developed can also apply to attacks against physical facilities or other systems that provide services to customers. This structure provides an explicit mechanism to evaluate expected losses from malicious attacks, and to evaluate changes in those losses that would result from system hardening. Thus, we provide a basis for evaluating the benefits of system hardening. The model also allows investigation of the potential for the purchase of an insurance contract to cover the potential losses when safeguards are breached and the system fails.
- Research Organization:
- Sandia National Laboratories
- Sponsoring Organization:
- USDOE
- DOE Contract Number:
- AC04-94AL85000
- OSTI ID:
- 918740
- Report Number(s):
- SAND2004-0742
- Country of Publication:
- United States
- Language:
- English
Similar Records
Physical security and vulnerability modeling for infrasturcture facilities.
Using Discrete Event Simulation to Model Attacker Interactions with Cyber and Physical Security Systems
Generative Vulnerability Assessment for Cyber-Physical Systems
Technical Report
·
Sat Jul 01 00:00:00 EDT 2006
·
OSTI ID:893151
Using Discrete Event Simulation to Model Attacker Interactions with Cyber and Physical Security Systems
Journal Article
·
Thu Oct 08 00:00:00 EDT 2015
· Procedia Computer Science
·
OSTI ID:1347710
Generative Vulnerability Assessment for Cyber-Physical Systems
Journal Article
·
Mon Nov 10 23:00:00 EST 2025
· ACM Transactions on Cyber-Physical Systems
·
OSTI ID:3005776