Home // ICIMP 2021, The Sixteenth International Conference on Internet Monitoring and Protection // View article
Authors:
Louai Maghrabi
Eckhard Pfluegel
Keywords: Cybersecurity, risk assessment, game theory, security games, Nash equilibrium analysis
Abstract:
This paper is concerned with the risk assessment of cyber security attacks on an organisation. We develop the novel attack incentive analysis framework MAEVA based on taking into account a multiplicative function of the attacker's anticipated attack effort and expected reward. We argue that our approach can complement and enhance the standard approach based on estimating risk as a function of attack likelihood and impact on the organisation. We then present an application of our framework to game-theoretic risk assessment, illustrating how it can be used to inform the modelling of attacker-defender scenarios using complete information games. This helps to establish more realistic game-theoretical modelling of security assessment scenarios for practical use.
Pages: 31 to 36
Copyright: Copyright (c) IARIA, 2021
Publication date: May 30, 2021
Published in: conference
ISSN: 2308-3980
ISBN: 978-1-61208-862-4
Location: Valencia, Spain
Dates: from May 30, 2021 to June 3, 2021