Contributions to Proceedings:
E. Kiesling, A. Ekelhart, B. Grill, C. Strauss, C. Stummer:
"Simulation-Based Optimization Of Information Security Controls: An Adversary-Centric Approach";
in: "Proceedings of the 2013 Winter Simulation conference",
issued by: IEEE;
IEEE Computer Society,
Today, information systems are threatened not only by the opportunistic exploitation of particular technical weaknesses, but increasingly by targeted attacks that combine multiple vectors to achieve the attackerīs objectives. Given the complexities involved, identifying the most appropriate measures to counteract the latter threats is highly challenging. In this paper, we introduce a novel simulation-optimization method that tackles this problem. It combines rich conceptual modeling of security knowledge with discrete event simulation and metaheuristic optimization techniques. By simulating attacks, the method infers possible routes of attack and identifies emergent weaknesses while accounting for adversariesī heterogeneous objectives, capabilities, and available modes of entry. The optimization iteratively adapts the system model by means of a genetic algorithm and optimizes its ability to detect ongoing attacks and prevent their successful execution. We describe a prototypical implementation and illustrate its application by means of scenarios for five types of adversaries.
Created from the Publication Database of the Vienna University of Technology.