Survivability Model for Security and Dependability Analysis of a Vulnerable Critical System
read more
Citations
Transmission Early-Stopping Scheme for Anti-Jamming Over Delay-Sensitive IoT Applications
Numerical Evaluation of Job Finish Time Under MTD Environment
On the Security of Cyber-Physical Systems Against Stochastic Cyber-Attacks Models
Quantitative security analysis of a dynamic network system under lateral movement-based attacks
Optimization of Cyber System Survivability Under Attacks Using Redundancy of Components
References
SPNP: stochastic Petri net package
Fighting bugs: remove, retry, replicate, and rejuvenate
Quantification of system survivability
Modeling and Analysis of High Availability Techniques in a Virtualized System
Survivability analysis of a two-tier infrastructure-based wireless network
Related Papers (5)
Comparative analysis and patch optimization using the cyber security analytics framework
Frequently Asked Questions (12)
Q2. What is the priority of the token?
When there is a token respectively in startisolateP and vulP ( repairP , exploitP , infectP , lmovP , or efilP ), the immediate transition1ct ( 2ct , 3ct , 4ct , 5ct , or 6ct ) fires.
Q3. What is the time t that isolateT fires?
When isolateT fires, one token is taken from preisolateP and one token is put in startisolateP , representing that the isolation strategy is ready for deployment.
Q4. What is the shaded part of the system?
The shaded part denoted by System describes the system state changes under the attack actions and the two reactive defense strategies.
Q5. What is the first step in the process of infecting a new host?
a token is taken fromstartisolateP and vulP ( repairP , exploitP , infectP , lmovP , or efilP ) , and deposited in place finishisolateP .
Q6. What is the meaning of time t?
This means that system failure, exploitation code implementation, patch implementation, and the vulnerability-related service isolation implementation occur parallelly.
Q7. What is the time t of the token?
When a software vulnerability is identified, one token is removed from vu lfoundP with rate δ and put in _vul sP , vulP ,prepareP , and preisolateP each.
Q8. How long does it take for malware to launch attack?
The authors observe that with the increasing mean days for the isolation implementation, there ismore mean sojourn time for malware to launch attack to local system.
Q9. What is the funding for the research of Ricardo Rodrguez?
The research of Ricardo J. Rodríguez is supported in part by Spanish Ministry of Economy, Industry and Competitiveness project CyCriSec (grant number TIN201458457-R).
Q10. What is the system state of the attack?
When the attacked system is in Lmoved or Exfiltrated state, the malware also could infect new vulnerable hosts which have not been infected before.
Q11. What is the average number of new infected hosts?
Mean number of new infected hosts at time t . • Metric 3m . Mean accumulated security loss of the localsystem in the interval [0, t ]. • Metric 4m . Mean accumulated number of the new infectedhosts in the interval [0, t ]. • Metric 5m . Mean accumulated cost in the interval [0, t ]. • Metric 6m . Mean accumulated revenue in the interval [0, t]. • Metric 7m . Mean accumulated profit in the interval [0, t ].
Q12. How many places are affected by the lmovP?
4m * Trans Infectmc + the sum of mean accu-mulated loss of each place in the interval [0, t ]. • 6m : the sum of mean accumulated reward of each placein the interval [0, t ]. • 7 6 5m m m= − .IV.