Simulation-Based Optimization Of Information Security Controls: An Adversary-Centric Approach

E. Kiesling, A. Ekelhart, B. Grill, C. Strauss, C. Stummer:
"Simulation-Based Optimization Of Information Security Controls: An Adversary-Centric Approach";
in: "Proceedings of the 2013 Winter Simulation Conference", edited by: IEEE; IEEE Computer Society, 2013, ISBN: 978-1-4799-2076-1, pp. 2054 - 2065.


Abstract:


Today, information systems are threatened not only by the opportunistic exploitation of particular technical weaknesses, but increasingly by targeted attacks that combine multiple vectors to achieve the attacker's objectives. Given the complexities involved, identifying the most appropriate measures to counteract the latter threats is highly challenging. In this paper, we introduce a novel simulation-optimization method that tackles this problem. It combines rich conceptual modeling of security knowledge with discrete event simulation and metaheuristic optimization techniques. By simulating attacks, the method infers possible routes of attack and identifies emergent weaknesses while accounting for adversaries' heterogeneous objectives, capabilities, and available modes of entry. The optimization iteratively adapts the system model by means of a genetic algorithm and optimizes its ability to detect ongoing attacks and prevent their successful execution. We describe a prototypical implementation and illustrate its application by means of scenarios for five types of adversaries.