Intrusion Risk Analysis and the Power Law Distribution of Attacks

Juan Manuel Garcia Garcia

Abstract

Risk analysis is the first essential step in the risk management process. In order to do an effective risk analysis, is necessary to identify and quantify the threats to information technology assets. Then statistical models of information security threats are required to develop effective risk analysis methodologies. We present experimental evidence suggesting that network intrusion attacks follows a power law distribution and then we explore some implications for intrusion risk analysis.

References

  1. R. J. Adler, R. E. Feldman and M. S. Taqqu (eds). A Practical Guide to Heavy Tails: Statistical Techniques and Applications, Birkhauser, Boston, 1998.
  2. R. G. Bace. Intrusion Detection, QUE, 1st Edition, December 1999.
  3. L. Breslau, P. Cao, L. Fan, G. Phillips and S. Shenker. Web caching and Zipf-like distributions: evidence and implications. Proceedings of INFOCOMM'99, IEEE Press, 2000.
  4. A. B. Downey. Evidence for long-tailed distributions in the Internet. ACM SIGCOMM Internet Measurement Workshop, November 2001.
  5. H. M. Edwards. Riemann's Zeta Function. Dover Pubns, June 2001.
  6. W. Lee, W. Fan, M. Miller, S.J. Stolfo and E. Zadok. Toward Cost-Sensitive Modeling for Intrusion Detection and Response. Workshop on Intrusion Detection and Prevention, 7th ACM Conference on Computer Security, Athens, November 2000.
  7. U. Lindqvist and E. Jonsson. How to systematically classify computer security intrusions. Proceedings of the IEEE Symposium on Research in Security and Privacy, Oakland CA, May 1997.
  8. S. Northcutt and J. Novak. Network Intrusion Detection, QUE, 3rd Edition, August 2002.
  9. R.S. Pathak. Integral Transforms of Generalized Functions and Their Applications. Taylor & Francis, December 1997.
  10. T.R. Peltier. Information Security Risk Analysis, Auerbach Pub., 1st. edition, January 2001.
  11. J.K. Tudor. Information Security Architecture: An Integrated Approach to Security in the Organization, CRC Press, September 2000.
  12. H. Wei, D. Frinke, O. Carter and C. Ritter. Cost-Benefit Analysis for Network Intrusion Detection Systems, CSI 28th Annual Computer Security Conference, Washington D.C., October 2001.
Download


Paper Citation


in Harvard Style

Manuel Garcia Garcia J. (2004). Intrusion Risk Analysis and the Power Law Distribution of Attacks . In Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004) ISBN 972-8865-07-4, pages 47-52. DOI: 10.5220/0002659500470052


in Bibtex Style

@conference{wosis04,
author={Juan Manuel Garcia Garcia},
title={Intrusion Risk Analysis and the Power Law Distribution of Attacks},
booktitle={Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)},
year={2004},
pages={47-52},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002659500470052},
isbn={972-8865-07-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 2nd International Workshop on Security in Information Systems - Volume 1: WOSIS, (ICEIS 2004)
TI - Intrusion Risk Analysis and the Power Law Distribution of Attacks
SN - 972-8865-07-4
AU - Manuel Garcia Garcia J.
PY - 2004
SP - 47
EP - 52
DO - 10.5220/0002659500470052