1 / 13

An adversarial risk analysis framework for cybersecurity

An adversarial risk analysis framework for cybersecurity. D. Ríos Insua 1 , A. Couce Vieira 1 , J.A. Rubio 2 , W. Pieters 3 , K. Labunets 3 , D. Garcia Rasines 4 , K. Musaraj 5 , P. Briggs 6

Download Presentation

An adversarial risk analysis framework for cybersecurity

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. An adversarial risk analysis framework for cybersecurity D. Ríos Insua1, A. Couce Vieira1, J.A. Rubio2, W. Pieters3,K. Labunets3, D. Garcia Rasines4, K. Musaraj5, P. Briggs6 1ICMAT-CSIC, 2U. Complutense de Madrid, 3Delft TU, 4Imperial College, 5AXA Tech. Serv., 6Northumbria University Part of the H2020 project CYBECO on supporting cyber insurance from a behavioural choice perspective

  2. Challenges/Objectives Overcome risk matrices as risk calculation tool Analyse adversarial cybersecurity threats Include cyber insurance in risk analysis modelling Include decision-maker’s preferences and risk attitudes Facilitate informed decision-making in cybersecurity Implement it as software • An adversarial risk analysis framework for cybersecurity • SRA-E Conference 2018, Östersund, Sweden – June 18-20, 2018

  3. Risk analysis model templateARA defend-attack model • An adversarial risk analysis framework for cybersecurity • SRA-E Conference 2018, Östersund, Sweden – June 18-20, 2018

  4. Risk analysis framework Definition of the risk analysis scope – e.g., document management SME, its online e- service and for 1 year. Identification of risk components Organisation assets at risk – e.g. facilities, computer equipment, market share Non-targeted threats – e.g., fire and computer virus Targeted threats (targeted to attack us) – e.g., DDoS attack from a competitor Other uncertainties affecting risk relevant to the organisation – e.g., duration of DDoS Security controls – e.g., anti-fire system, DDoS protection system Cyber insurance products – e.g., traditional, cyber, comprehensive Impacts over the organisation’s assets and interests – e.g., over facilities, market share Impacts over the targeted threats – e.g., being detected Preferences and risk attitudes of the organisation Preferences and risk attitudes of the targeted threats – eg the competitor • An adversarial risk analysis framework for cybersecurity • SRA-E Conference 2018, Östersund, Sweden – June 18-20, 2018

  5. Risk analysis framework Problem structuring with our risk analysis model • An adversarial risk analysis framework for cybersecurity • SRA-E Conference 2018, Östersund, Sweden – June 18-20, 2018

  6. Risk analysis framework Problem solving – to solve it first we solve the attacker part, then the defender part. Attacker i.e. the competitor Defenderi.e., the organisation • An adversarial risk analysis framework for cybersecurity • SRA-E Conference 2018, Östersund, Sweden – June 18-20, 2018

  7. Risk analysis framework Problem solving Assess the organisation’s non-strategic beliefs and preferences Modelling the defender problem with the support of data and expert judgement. All nodes, except those that correspond to an attacker decision Assess the random beliefs and preferences of the adv. threat Modelling and simulating the attacker problem to forecast its actions and obtain the probability distribution that we will use to complete the defender model. Solve the organisation’s problem This involves the construction of algorithms and its software implementation • An adversarial risk analysis framework for cybersecurity • SRA-E Conference 2018, Östersund, Sweden – June 18-20, 2018

  8. Risk analysisframework Implemented in R -- for calculation CYBECO toolbox -- for displaying the results • An adversarial risk analysis framework for cybersecurity • SRA-E Conference 2018, Östersund, Sweden – June 18-20, 2018

  9. CYBECOToolbox • An adversarial risk analysis framework for cybersecurity • SRA-E Conference 2018, Östersund, Sweden – June 18-20, 2018

  10. CYBECO Toolbox • An adversarial risk analysis framework for cybersecurity • SRA-E Conference 2018, Östersund, Sweden – June 18-20, 2018

  11. Risk analysis framework Implementing the previous procedure we are able to calculate: Best security control and insurance portfolio Overall probability of different events Expected impacts given the different probabilities Further analysis are possible: sensitivity analysis, constraints, return on security investment, … • An adversarial risk analysis framework for cybersecurity • SRA-E Conference 2018, Östersund, Sweden – June 18-20, 2018

  12. Current/future work around the ARA framework Doing a model for a complete risk analysis case study in CYBECO Computational enhancements: Generalised interactions (ie, not only defend-attack cases) Augmented probability simulation (ie, faster optimisation) Other general risk problems: Insurance company on whether to grant cyber insurance to company Insurance company deciding their reinsurance portfolio [for cyber] Preference modelling: Cybersecurity risk management objectives (trees of objectives > attributes that measures them > utility functions) Cyber attacker objectives • An adversarial risk analysis framework for cybersecurity • SRA-E Conference 2018, Östersund, Sweden – June 18-20, 2018

  13. CSIRA: A method for analysing the risk of cybersecurity incidents Thank you!

More Related