Abstract
In this chapter, we continue exploring how resilient is a network to a failure propagating through it; however, now we also include an explicit treatment of specific causes of failure – malicious activities of the cyber attacker. This chapter considers cyber attacks and the ability to counteract their implementation as the key factors determining the resilience of computer networks and systems. Indeed, cyber attacks are the most important among destabilizing forces impacting a network. Moreover, the term cyber resilience can be interpreted as the stability of computer networks or systems operating under impact of cyber attacks. The approach in this chapter involves the construction of analytical models to implement the most well-known types of attacks. The result of the modeling is the distribution function of time and average time of implementation of cyber attacks. These estimates are then used to find the indicators of cyber resilience. To construct analytical models of cyber attacks, this chapter introduces an approach based on the stochastic networks conversion, which works well for modeling multi-stage stochastic processes of different natures.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Abraham, S., & Nair, S. (2015). A predictive framework for cyber security analytics using attack graphs. International Journal of Computer Networks & Communications (IJCNC), 7(1), 1–17.
Ahuja, S. P. (1998). COMNET III: A network simulation laboratory environment for a course in communications networks. In 28th Annual Frontiers in Education Conference (FIE ‘98) (vol. 3, pp. 1085–1088)
Bartol, N., Bates, B., Goertzel, K. M., & Winograd, T. (2009). Measuring cyber security and information assurance, Information Assurance Technology Analysis Center. https://www.csiac.org/wp-content/uploads/2016/02/cybersecurity.pdf
Bengio, Y., Thibodeau-Laufer, E., Alain, G., & Yosinski, J. (2014). Deep generative stochastic networks trainable by backprop. http://arxiv.org/abs/1306.1091
Bocchini, P., Frangopol, D. M., Ummenhofer, T., & Zinke, T. (2014). Resilience and sustainability of civil infrastructure: Toward a unified approach. Journal of Infrastructure Systems, 20, 04014004.
Bodeau, D., Graubart, R., Heinbockel, W., & Laderman, E. (2015). Cyber resiliency engineering aid – The updated cyber resilience engineering framework and guidance on applying cyber resiliency techniques. MITRE Corporation. http://www.defenseinnovationmarketplace.mil/resources/20150527_Cyber_Resiliency_Engineering_Aid-Cyber_Resiliency_Techniques.pdf
Collier, Z. A., Panwar, M., Ganin, A. A., Kott, A., & Linkov, I. (2016). Security metrics in industrial control systems. In E. Colbert & A. Kott (Eds.), Cyber-security of SCADA and other industrial control systems. Advances in information security (Vol. 66, pp. 167–185). Cham: Springer.
Cyber Resilience Review (CRR): Method Description and Self-Assessment User Guide. (2014). Software Engineering Institute, Carnegie Mellon University. https://www.us-cert.gov/sites/default/files/c3vp/csc-crr-method-description-and-user-guide.pdf
Dudorov, D., Stupples, D., & Newby, M. (2013). Probability analysis of cyber attack paths against business and commercial enterprise systems. In 2013 European Intelligence and Security Informatics Conference (pp. 38–44).
Ganin, A. A., Massaro, E., Gutfrain, A., Steen, N., Keisler, J. M., Kott, A., Mangoubi, R., & Linkov, I. (2015, August). Operational resilience: Concepts, design and analysis, Scientific Reports. https://doi.org/10.1038/srep19540.
Goldman, R. P. (2002). A stochastic model for intrusions. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002) (pp. 199–218).
Jansen, W. (2009). Directions in Security Metrics Research, National Institute of Standards and Technology. http://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7564.pdf
Kelly, F., & Yudovina, E. (2014). Stochastic networks. Cambridge: Cambridge University Press.
Kotenko, I., & Chechulin, A. (2013). A Cyber attack modeling and impact assessment framework. In Proceedings of the 5th IEEE International Conference on Cyber Conflict (CyCon) (pp. 1–24).
Kotenko, I., & Doynikova, E. (2014). Evaluation of computer network security based on attack graphs and security event processing. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), 5(3), 14–29.
Kotenko, I., & Doynikova, E. (2017). Selection of countermeasures against network attacks based on dynamical calculation of security metrics. Journal of Defence Modeling and Simulation: Applications, Methodology, Technology. http://journals.sagepub.com/doi/abs/10.1177/1548512917690278.
Linkov, I., et al. (2012). Resilience metrics for cyber systems. Environment Systems & Decisions, 33, 471–476.
Linkov, I., et al. (2013). Measurable resilience for actionable policy. Environmental Science & Technology, 47, 10108–10110.
Luvanda, A., Kimani, S., & Kimwele, M. (2014). Identifying threats associated with man-in-the middle attacks during communications between a mobile device and the back end server in mobile banking applications. IOSR Journal of Computer Engineering (IOSR-JCI), 12(2), 35–42.
Matlof, N. From algorithms to Z-Scores: Probabilistic and statistical modeling in computer science. http://heather.cs.ucdavis.edu/probstatbook
National Research Council. (2012). Disaster resilience: a national imperative. Washington, DC: National Academies Press. http://resilience.abag.ca.gov/wp-content/documents/resilience/toolkit/Disaster%20Recovery_A%20National%20Imperative%20Exec%20Summary.pdf
OPNET Technologies, Inc. http://www.opnet.com/
Park, J., Seager, T. P., Rao, P. S. C., Convertino, M., & Linkov, I. (2013). Integrating risk and resilience approaches to catastrophe management in engineering systems: Perspective. Risk Analysis, 33, 356–367.
Petrova, S. S. (1987). Heaviside and the development of the symbolic calculus. Archive for History of Exact Sciences, 37(1), 1–23.
Phillips, D. T., & Garsia-Diaz, A. (1981). Fundamentals of network analysis. Englewood Cliffs: Prentice-Hall.
PTC Mathcad – PTC. http://www.ptc.com/engineering-math-software/mathcad
Serfozo, R. F. (1999). Introduction to stochastic networks, Applications of mathematics (Vol. 44). New York: Springer.
Smith, P., Hutchison, D., Sterbenz, J. P. G., Schöller, M., Fessi, A., Karaliopoulos, M., Lac, C., & Plattner, B. (2011). Network resilience: A systematic approach. IEEE Communications Magazine, 49(7), 88–97.
Sterbenz, J. P. G., Hutchison, D., Çetinkaya, E., Jabbar, A., Rohrer, J. P., Schöller, M., & Smith, P. (2010, June). Resilience and survivability in communication networks: Strategies, principles, and survey of disciplines. Computer Networks: Special Issue on Resilient and Survivable Networks (COMNET), 54(8), 1245–1265.
Sterbenz, J. P. G., Çetinkaya, E. K., Hameed, M. A., Jabbar, A, & Rohrer, J. P. (2011, January). Modelling and analysis of network resilience (invited paper). In The Third IEEE International Conference on Communication Systems and Networks (COMSNETS) (pp. 1–10). Bangalore, India.
Van Valkenburg, M. E. (1974). Network analysis (3rd ed.). Englewood Cliffs: Prentice-Hall.
Williams, J. (1973). Laplace transforms, Problem solvers. London: George Allen & Unwin.
Zöhrer, M., & Pernkopf, F. (2014). General stochastic networks for classification. Advances in Neural Information Processing Systems, 27, 2015–2023.
Acknowledgments
This research is being supported by the grants of the Russian Foundation of Basic Research (16-29-09482, 18-07-01369, 18-07-01488), partial support of the budgetary subject АААА-А16-116033110102-5, and by the Government of the Russian Federation, Grant 074-U01.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Kotenko, I., Saenko, I., Lauta, O. (2019). Modeling the Impact of Cyber Attacks. In: Kott, A., Linkov, I. (eds) Cyber Resilience of Systems and Networks. Risk, Systems and Decisions. Springer, Cham. https://doi.org/10.1007/978-3-319-77492-3_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-77492-3_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-77491-6
Online ISBN: 978-3-319-77492-3
eBook Packages: EngineeringEngineering (R0)