A risk assessment and optimisation model for minimising network security risk and cost

Hdl Handle:
http://hdl.handle.net/10547/270440
Title:
A risk assessment and optimisation model for minimising network security risk and cost
Authors:
Viduto, Valentina
Abstract:
Network security risk analysis has received great attention within the scientific community, due to the current proliferation of network attacks and threats. Although considerable effort has been placed on improving security best practices, insufficient effort has been expended on seeking to understand the relationship between risk-related variables and objectives related to cost-effective network security decisions. This thesis seeks to improve the body of knowledge focusing on the trade-offs between financial costs and risk while analysing the impact an identified vulnerability may have on confidentiality, integrity and availability (CIA). Both security best practices and risk assessment methodologies have been extensively investigated to give a clear picture of the main limitations in the area of risk analysis. The work begins by analysing information visualisation techniques, which are used to build attack scenarios and identify additional threats and vulnerabilities. Special attention is paid to attack graphs, which have been used as a base to design a novel visualisation technique, referred to as an Onion Skin Layered Technique (OSLT), used to improve system knowledge as well as for threat identification. By analysing a list of threats and vulnerabilities during the first risk assessment stages, the work focuses on the development of a novel Risk Assessment and Optimisation Model (RAOM), which expands the knowledge of risk analysis by formulating a multi-objective optimisation problem, where objectives such as cost and risk are to be minimised. The optimisation routine is developed so as to accommodate conflicting objectives and to provide the human decision maker with an optimum solution set. The aim is to minimise the cost of security countermeasures without increasing the risk of a vulnerability being exploited by a threat and resulting in some impact on CIA.
Due to the multi-objective nature of the problem, a performance comparison between multi-objective Tabu Search (MOTS) Methods, Exhaustive Search and a multi-objective Genetic Algorithm (MOGA) has also been carried out. Finally, extensive experimentation has been carried out with both artificial and real-world problem data (taken from the case study) to show that the method is capable of delivering solutions for real-world problem data sets.
Citation:
Viduto, V. (2012) 'A risk assessment and optimisation model for minimising network security risk and cost'. PhD thesis. University of Bedfordshire.
Publisher:
University of Bedfordshire
Issue Date:
Dec-2012
URI:
http://hdl.handle.net/10547/270440
Type:
Thesis or dissertation
Language:
en
Description:
A thesis submitted for the degree of Doctor of Philosophy
Appears in Collections:
PhD e-theses

Full metadata record

| DC Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Viduto, Valentina | en_GB |
| dc.date.accessioned | 2013-02-26T10:09:10Z | - |
| dc.date.available | 2013-02-26T10:09:10Z | - |
| dc.date.issued | 2012-12 | - |
| dc.identifier.citation | Viduto, V. (2012) 'A risk assessment and optimisation model for minimising network security risk and cost'. PhD thesis. University of Bedfordshire. | en_GB |
| dc.identifier.uri | http://hdl.handle.net/10547/270440 | - |
| dc.description | A thesis submitted for the degree of Doctor of Philosophy | en_GB |
| dc.description.abstract | Network security risk analysis has received great attention within the scientific community, due to the current proliferation of network attacks and threats. Although considerable effort has been placed on improving security best practices, insufficient effort has been expended on seeking to understand the relationship between risk-related variables and objectives related to cost-effective network security decisions. This thesis seeks to improve the body of knowledge focusing on the trade-offs between financial costs and risk while analysing the impact an identified vulnerability may have on confidentiality, integrity and availability (CIA). Both security best practices and risk assessment methodologies have been extensively investigated to give a clear picture of the main limitations in the area of risk analysis. The work begins by analysing information visualisation techniques, which are used to build attack scenarios and identify additional threats and vulnerabilities. Special attention is paid to attack graphs, which have been used as a base to design a novel visualisation technique, referred to as an Onion Skin Layered Technique (OSLT), used to improve system knowledge as well as for threat identification. By analysing a list of threats and vulnerabilities during the first risk assessment stages, the work focuses on the development of a novel Risk Assessment and Optimisation Model (RAOM), which expands the knowledge of risk analysis by formulating a multi-objective optimisation problem, where objectives such as cost and risk are to be minimised. The optimisation routine is developed so as to accommodate conflicting objectives and to provide the human decision maker with an optimum solution set. The aim is to minimise the cost of security countermeasures without increasing the risk of a vulnerability being exploited by a threat and resulting in some impact on CIA. Due to the multi-objective nature of the problem, a performance comparison between multi-objective Tabu Search (MOTS) Methods, Exhaustive Search and a multi-objective Genetic Algorithm (MOGA) has also been carried out. Finally, extensive experimentation has been carried out with both artificial and real-world problem data (taken from the case study) to show that the method is capable of delivering solutions for real-world problem data sets. | en_GB |
| dc.language.iso | en | en |
| dc.publisher | University of Bedfordshire | en_GB |
| dc.subject | G420 Networks and Communications | en_GB |
| dc.subject | network security risk analysis | en_GB |
| dc.subject | computer security | en_GB |
| dc.subject | network security | en_GB |
| dc.title | A risk assessment and optimisation model for minimising network security risk and cost | en |
| dc.type | Thesis or dissertation | en |
| dc.type.qualificationname | PhD | en |
| dc.type.qualificationlevel | Doctoral | en |
| dc.publisher.institution | University of Bedfordshire | en |

This item is licensed under a Creative Commons License
All Items in UOBREP are protected by copyright, with all rights reserved, unless otherwise indicated.