Abstract
With ever increasing application of information technologies in every day activities, organizations face the need for applications that provides better security. The existence of complex IT systems with multiple interdependencies creates great difficulties for Chief Security Officers to comprehend and be aware of all potential risks in such systems. Intelligent decision making for IT security is a crucial element of an organization’s success and its competitive position in the marketplace. This paper considers the implementation of an integrated attack graph and a Fuzzy Cognitive Maps (FCM) to provide facilities to capture and represent complex relationships in IT systems. By using FCMs the security of IT systems can regularly be reviewed and improved. What-if analysis can be performed to better understand vulnerabilities of a designed system. Finally an integrated system consisting of FCM, Attack graphs and Genetic Algorithms (GA) is used to identify vulnerabilities of IT systems that may not be apparent to Chief Security Officers.
Chapter PDF
Similar content being viewed by others
References
Gupta, I.S., Winstead, J.: Using Attack Graphs to Design Systems. In: IEEE Security and Privacy. IEEE Computer Society Publishing, Los Alamitos (2007)
Peterson, G., Steven, J.: Defining Misuse within the Development Process. IEEE Security & Privacy 4(6), 81–84 (2006)
Peeters, J., Dyson, P.: Cost- Effective Security. IEEE Security & Privacy 5(3), 85–87 (2007)
Kosko, B.: Fuzzy Engineering. Prentice Hall, Upper Saddle River (1997)
Kosko, B.: Fuzzy Cognitive Maps. International Journal of Man-Machine Studies 24, 65–75 (1986)
Aguilar, J.: A Survey about Fuzzy Cognitive Maps Papers. International Journal of Computational Cognition 3(2), 27–33 (2005)
Goldberg, D.: Genetic Algorithms in Search, Optimisation and Machine Learning. Addison Wesley, Reading (1989)
Swiler, L.P., Phillips, C., Ellis, D.: Chakerian. S.: Computer-attack graph generation tool. In: DISCEX II 2001: DARPA Information Survivability Conference and Exposition Conference and Exposition, vol. 2, pp. 307–321 (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Mohammadian, M. (2011). Intelligent Risk Identification and Analysis in IT Network Systems. In: Iliadis, L., Maglogiannis, I., Papadopoulos, H. (eds) Artificial Intelligence Applications and Innovations. EANN AIAI 2011 2011. IFIP Advances in Information and Communication Technology, vol 364. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23960-1_44
Download citation
DOI: https://doi.org/10.1007/978-3-642-23960-1_44
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23959-5
Online ISBN: 978-3-642-23960-1
eBook Packages: Computer ScienceComputer Science (R0)