Add to ORKGAttack tree analysis is used to estimate different parameters of general security threats based on information available for atomic subthreats. We focus on estimating the expected gains of an adversary based on both the cost and likelihood of the subthreats. Such a multi-parameter analysis is considerably more complicated than separate probability or skill level estimation, requiring exponential time in general. However, this paper shows that under reasonable assumptions a completely different type of optimal substructure exists which can be harnessed into a linear-time algorithm for optimal gains estimation. More concretely, we use a decision-theoretic framework in which a rational adversary sequentially considers and performs the availabl...
Part 2: 4th International Workshop on Security and Cognitive Informatics for Homeland Defense (SeCIH...
peer reviewedRisk treatment is an important part of risk management, and deals with the question whi...
peer reviewedPerforming a thorough security risk assessment of an organisation has always been chall...
We present the results of research of limiting adversarial budget in attack games, and, in particula...
The success of a security attack crucially depends on the resources available to an attacker: time, ...
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of mul...
The success of a security attack crucially depends on the resources available to an attacker: time, ...
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of mul...
We present a new fully adaptive computational model for attack trees that allows attackers to repeat...
Constraints such as limited security investment cost precludes a security decision maker from implem...
Cyber breaches have grown exponentially over the years, both in the number of incidents and in damag...
International audienceSecurity analysis is without doubt one of the most important issues in a socie...
We present the results of research of limiting adversarial budget in attack games, and, in particula...
The number of cyberattacks has been growing over time and is expected to keep growing. In order to p...
the date of receipt and acceptance should be inserted later Abstract Researchers have previously loo...
Part 2: 4th International Workshop on Security and Cognitive Informatics for Homeland Defense (SeCIH...
peer reviewedRisk treatment is an important part of risk management, and deals with the question whi...
peer reviewedPerforming a thorough security risk assessment of an organisation has always been chall...
We present the results of research of limiting adversarial budget in attack games, and, in particula...
The success of a security attack crucially depends on the resources available to an attacker: time, ...
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of mul...
The success of a security attack crucially depends on the resources available to an attacker: time, ...
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of mul...
We present a new fully adaptive computational model for attack trees that allows attackers to repeat...
Constraints such as limited security investment cost precludes a security decision maker from implem...
Cyber breaches have grown exponentially over the years, both in the number of incidents and in damag...
International audienceSecurity analysis is without doubt one of the most important issues in a socie...
We present the results of research of limiting adversarial budget in attack games, and, in particula...
The number of cyberattacks has been growing over time and is expected to keep growing. In order to p...
the date of receipt and acceptance should be inserted later Abstract Researchers have previously loo...
Part 2: 4th International Workshop on Security and Cognitive Informatics for Homeland Defense (SeCIH...
peer reviewedRisk treatment is an important part of risk management, and deals with the question whi...
peer reviewedPerforming a thorough security risk assessment of an organisation has always been chall...