
A Literature Review On

CYBER SECURITY

(CYBER RISK MANAGEMENT)

e-GOVERNANCE KEY STRATEGIC AREA: CYBER SECURITY.

RESEARCH AREA: CYBER RISK MANAGEMENT.

TITLE: A CYBER ATTACK PREDICTION MODEL FOR CYBER RISK MANAGEMENT

AIM AND OBJECTIVE OF RESEARCH:

A. Extensive literature survey of the various types of cyber attacks and defense methodologies.

B. Evolving a Cyber Risk Management model in support of the information security.

C. Generalize and socialize the usage of Cyber Risk Management model.

D. Usage of the proposed model in various applications of cyber defense.

KEY WORDS:

Cyber Security, Cyber Attacks, Risk Assessment, Cyber Risk Management, Cyber Attacks Prediction Model, Bayesian Network (BN)

INTRODUCTION

Cyber risk management is simply looking at what could go wrong and then deciding on ways to prevent or minimize these potential problems. Nowadays it is becoming an increasingly important activity within both private and public sector organizations. We all carry out informal risk management numerous times in the course of a day without even realizing it. So it is important to identify the risk first. Our ability to analyze the consequences of each decision is risk assessment. What we decide to do after performing that quick analysis is risk mitigation, based on proper early training and our experience. These decisions are a result of our risk assessment of the situation. The process of taking actions to assess risks and to avoid or reduce risk to acceptable levels is called risk management.

GENERAL RESEARCH GUIDELINES FOR CYBER RISK MANAGEMENT

Phase 1: Extensive literature survey. In this phase, related work from journals, magazines, and books will be read and analyzed to give appropriate direction to the work. This phase will continue throughout the whole of the research.

Phase 2: Study of popular risk management techniques. What are the components of risk management? What are the basic approaches to cyber risk management? How does traditional risk management differ from cyber risk management? What infrastructure is required for cyber risk management? How does cyber risk management affect society?

Phase 3: Finding and categorizing the most recent risk management techniques. Study an empirical comparison of various cyber risk approaches. Find the best approach to cyber risk management from the literature survey. Identify its type: statistical analysis or numerical analysis. Some improvements to the existing approach then have to be suggested.

Phase 4: Modeling the defense against the networks. This phase will find and fix various parameters for using cyber risk management by comparison with the traditional techniques. After this, it will be easy to make a model framework for using insurance for cyber risk management. There are certain methods of modeling, such as deterministic modeling and stochastic modeling.

Phase 5: Simulating the results and providing the implementation details. In this phase, the results will be simulated using existing simulation tools such as SWORM or SEMENTIC WORM SIMULATOR 1.0.

Phase 6: Discussion of the results and findings of the research work. Report writing and thesis submission.

PHASE1: EXTENSIVE LITERATURE SURVEY


1. CYBER ATTACKS PREDICTION MODEL BASED ON BAYESIAN NETWORK.
2012 IEEE 18th International Conference on Parallel and Distributed Systems

Authors

Jinyu Wu

Lihua Yin

Yunchuan Guo

This paper gives an outline of the cyber attack prediction model and its importance in cyber risk management for evaluating network security. Graphical models such as attack graphs have become the mainstream approach, but this paper proposes a cyber attack prediction model based on a Bayesian network (BN). The prediction model takes the following into account:

a) The value of assets in the network
b) The usage condition of the network
c) The attack history of the network

2. CYBER SECURITY RISKS ASSESSMENT WITH BAYESIAN DEFENSE GRAPHS AND ARCHITECTURAL MODELS


Proceedings of the 42nd Hawaii International Conference on System Sciences - 2009

Authors

Teodor Sommestad

Mathias Ekstedt

Pontus Johnson

This paper presents a model-based assessment framework for analyzing the cyber security provided by different architectural scenarios. The framework uses Extended Influence Diagrams, which are based on Bayesian statistics, to express attack graphs and related countermeasures. The paper demonstrates how this structure can be captured in an abstract model to support analysis based on architectural models. The approach allows calculating the probability that attacks will succeed and the expected loss from them, given the instantiated architectural scenario. Moreover, the framework can handle the uncertainties that accompany the analyses.

The paper describes how an information system analysis framework that is well equipped for dealing with uncertainty can be merged with architecture metamodels by using a concept the authors call abstract models.

3. TERRAIN AND BEHAVIOR MODELING FOR PROJECTING MULTISTAGE CYBER ATTACKS

Authors

Daniel Fava

Jared Holsopple

Shanchieh Jay Yang

Brian Argauer

This work explains the concept of separating the modeling of network and system configuration from the extraction of attack behavior. The first part shows which critical information about a computer network is necessary for threat prediction, and whether this information can be obtained and updated automatically. Based on this, a model called virtual cyber terrain was proposed, which models the accessibility or exposure of system vulnerabilities at different network access domains. The cyber terrain model is not goal-oriented like a typical vulnerability tree, nor does it utilize probabilities as a Bayesian network does. It is a directed graph containing critical topological and system configuration information for situation and threat assessment caused by cyber attacks.

In this paper the authors have extracted patterns from traced cyber attack actions. Note that behavior is influenced by the attacker's intent, his or her preferred exploit sequences and capabilities, and the network and system vulnerabilities exposed to the attacker. The general perception is that cyber attack behavior can be diverse and changing. The experiments use traced ground truth data that do not contain exploit evolution, i.e., there is a finite set of attack types. The authors draw on traditional work on prediction, which has a significant overlap with the study of data compression. A customized suffix tree is developed to examine what trends, if any, may exist in the types of attacks an attacker may choose to execute. Cyber terrain, which determines vulnerabilities and possibly exposed targets, along with behavior extraction, may provide efficient and accurate projection of cyber threats. The last part of the work illustrates the proposed cyber terrain and the findings of the behavior extraction experiments.

4. SECURITY RISK ANALYSIS AND EVALUATION

IEEE Communications Society 0-7803-8533-0/04/$20.00 (c) 2004 IEEE


Authors

Fotios Harmantzis

Manu Malek

The objective of this paper is to develop quantitative estimates of financial losses due to breaches of security. The main focus is on governmental and corporate institutions within the United States, as the US has the highest number of Internet users in the world. Furthermore, within the US, the focus is on key industries and government services, which are more vulnerable to security attacks. The collected data covers the different types of attacks on these key technology infrastructures, and is based on the different types of technologies used, network types, applications, geographical impact, and the timings of the attacks.

This paper gives a systematic and organized view of network security. Section II reviews the significance of attacks, some statistics related to them, and their economic impact. Section III explains how to formulate the problem in a quantitative manner and presents how this methodology framework can be applied for risk analysis and evaluation. This was a unique approach to quantifying security risk, and constitutes the main contribution to network security. Section IV outlines how the researchers plan to use attack signatures in conjunction with data mining techniques for intrusion detection as well as prediction. Section V summarizes the thoughts and observations and outlines future research directions.

5. PREDICTION OF MALICIOUS OBJECTS IN COMPUTER NETWORK AND DEFENSE
International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.6, November 2011

Authors

Hemraj Saini

T. C. Panda

Minaketan Panda

This research paper envisages the defense of critical information in computer networks that use network topologies such as the star topology. The first part of the paper develops a model to predict the malicious traffic within the incoming traffic by using the Black-Scholes equations. MATLAB is used to simulate the developed model for realistic values. The second part provides a framework for the treatment of the predicted malicious traffic, with a detailed discussion of security measures.

6. INTELLIGENT NETWORK INFRASTRUCTURE SYSTEMS ARCHITECTURE AND INTEGRATION, RISK MANAGEMENT AND VALIDATION
1st Annual IEEE Systems Conference, Waikiki Beach, Honolulu, Hawaii, USA, April 9-12, 2007

Authors

Emmanuel Hooper

In this research paper, effective risk assessment and management of the intelligent detection and response strategies include establishing risk management policies, processes, responsibility, refill sources and process evaluation. The paper outlines ideas such as:

1. Technical and management processes in Intelligent VPN system design and responses.
2. Planning and implementation of risk management in Intelligent VPN system design and responses.
3. Management of the project risk profile of intelligent detection and VPN and firewall system design responses.
4. Performing risk analysis in the intelligent detection and response strategies.
5. Performing risk treatment of the intelligent detection and response strategies.
6. Performing risk monitoring of the intelligent detection and response strategies.
7. Evaluating the risk management processes of the intelligent detection and response strategies.
8. Analysis of the risk management process of the intelligent detection and response strategies.

7. ORGANIZATIONAL ADOPTION OF CYBER INSURANCE INSTRUMENTS IN IT SECURITY RISK MANAGEMENT
Proceedings of the Southern Association for Information Systems Conference, Atlanta, GA, USA, March 23rd-24th, 2012

Authors

Tridib Bandyopadhyay

This research attempts to identify the factors that explain the adoption of cyber insurance in managing the cyber risk of an organization. Grounded in the context-based Technology Organization Environment (TOE) framework of adoption of innovation, the author proposes a research model that integrates the technological, organizational and environmental factors surrounding the adoption of cyber insurance. It begins with the insights from the TOE literature and contextualizes them with the specificities of cyber insurance in order to formulate a set of relevant hypotheses, empirical validation of which could provide valuable insight into organizational adoption (or the observed lack) of cyber insurance. This research attempts to explain the contextual factors that affect successful organizational adoption of cyber insurance and to extend the TOE adoption of innovation theory into the area of IT security risk management. It explains how cyber insurance can be an effective instrument to transfer cyber risk and complement the benefits from technological controls that guard the IS (information and network) assets in organizations. The main goal of the author in this study is to provide an adequate model for organizational adoption of cyber insurance in IS risk management.

8. A SOCIO-TECHNICAL APPROACH TO CYBER RISK MANAGEMENT AND IMPACT ASSESSMENT
Journal of Information Security, 2013, 4, 33-41, doi:10.4236/jis.2013.41005, Published Online January 2013 (http://www.scirp.org/journal/jis)

Authors

Konstantinia Charitoudi

Andrew Blyth

The model proposed in this paper is based upon socio-technical systems and places the people and the technology within an organization's business/functional context. Thus, in performing risk management in a cyber security and safety context, a detailed picture of the impact that a security/safety incident can have on an organization is developed. This in turn stimulates a more holistic view of the effectiveness, and appropriateness, of a countermeasure.

According to the authors, the term socio-technical system is used to describe the function and form that people (individuals, groups, roles and organizations), physical equipment (buildings, surroundings, etc.), hardware and software, laws and regulations that accompany the organizations (e.g. laws for the protection of privacy), data (what data are kept, in which formats, who has access to them, where they are kept) and procedures (official and unofficial processes, data flows, relationships) play in comprising an organization. The authors aim to construct a framework that allows the user to think about risk and impact assessment as a stateful model at the socio-technical systems level, so as to better capture the dynamics of a cybernetic organization. The framework uses stateful models to express the status quo of an organization, i.e. the current state of the systems, personnel and processes at each discrete moment before and after an event has occurred. This makes it possible to run different threat scenarios and detect the potential vulnerabilities in a corporate network.

9. GUIDELINES FOR USABLE CYBER SECURITY: PAST AND PRESENT


Proceedings of the 2007 IEEE Symposium on Computational Intelligence in Security and Defense Applications (CISDA 2007)

Authors

Jason R. C. Nurse

Sadie Creese

Michael Goldsmith

Koen Lamberts

In this paper, the researchers aim to recap some of the major developments in the cyber security usability and Human-Computer Interaction and Security (HCISec) domains, particularly as they relate to guidance and recommendations for highly usable cyber security systems. Whilst investigating this topic, anyone can take the opportunity to get an up-to-date review of cyber security usability issues and the evaluation techniques applied to day-to-day problems.

10. PUBLIC-PRIVATE RESILIENCE
2011 European Intelligence and Security Informatics Conference

Authors

Søren Matz, Aalborg, Denmark

This paper describes the central problem statement in relation to cyber-based critical infrastructures, with the aim of mapping and informing accountability in business crime risk management policies and instrumentation. The main focus areas of this paper are:

1. Security and crime in cyber-based critical infrastructures
2. State-market dichotomy
3. National security and corporate crime risk management
4. Public-private governance
5. The Danish corporate security risk management

11. NATIONAL CYBER SECURITY POLICY 2013 (INDIA)
Jul 2nd, 2013

Authors

Times of India

National Cyber Security Policy 2013 was launched on Jul 2nd, 2013. It aims at building a secure and resilient cyberspace for citizens, businesses and the government. Communications and IT Minister Kapil Sibal explained the necessity of the policy and said there were always chances of cyber attacks from state and non-state actors, corporates and terrorists. He said critical infrastructure like the air defense system, power infrastructure, nuclear plants, and telecommunications system needed to be well insulated; otherwise it may lead to economic instability. The distinctive feature of this policy is to create a mechanism to obtain information regarding information and communications technology (ICT) infrastructure threats and to respond to and resolve them. It aims at crisis management through effective, preventive and proactive recovery actions. This policy comes amid reports of snooping by the US globally and ever-increasing threats to the country from cyber attacks. India witnessed 13,000 cyber attacks in 2011. The policy aims at setting up a nodal agency to coordinate all matters related to cyber security in the country, with clearly defined roles and responsibilities. It also aims at creating a secure cyber eco-system, strengthening the regulatory framework, and creating mechanisms for early warning, vulnerability management and response to security threats. It also seeks to promote research and development in cyber security and to reduce supply chain risks, among other objectives.

12. PRESIDENT OBAMA'S KEY GUIDELINES ON CYBER SECURITY

Authors

Report National Economic Council.

President Obama has declared that the cyber threat is one of the most serious economic and national security challenges we face as a nation and that America's economic prosperity in the 21st century will depend on cyber security. The President's Cyberspace Policy Review identifies 10 near term actions to support cyber security in day to day lives. The key guidelines are:

1. Appoint a cyber security policy official responsible for coordinating the Nation's cyber security policies and activities.
2. Prepare for the President's approval an updated national strategy to secure the information and communications infrastructure.
3. Designate cyber security as one of the President's key management priorities and establish performance metrics.
4. Designate a privacy and civil liberties official to the NSC cyber security directorate.
5. Conduct interagency-cleared legal analyses of priority cyber security-related issues.
6. Initiate a national awareness and education campaign to promote cyber security.
7. Develop an international cyber security policy framework and strengthen our international partnerships.
8. Prepare a cyber security incident response plan and initiate a dialog to enhance public-private partnerships.
9. Develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure.
10. Build a cyber security-based identity management vision and strategy, leveraging privacy-enhancing technologies for the Nation.

13. NATIONAL STRATEGY FOR CYBERSPACE SECURITY INDIA

Authors

S R R Aiyengar

This paper gives more attention to terms like cyber security and cyber crimes, and gives an idea about:

1. Threat Scenario and Assessment of Vulnerabilities
2. Threat Characteristics
3. Threats to National Security
4. Chinese and Pakistani Threat to Indian Cyberspace
5. Cyber Attacks on Critical Infrastructure
6. National Strategy to Secure Indian Cyberspace
7. Strategic Objectives for Cyber Defense
