Defining Attacker Behavior Patterns in the Context of an Information System

Presenter: Mark Rounds

Abstract:

Information systems are becoming pervasive in our everyday life. Anyone who is online must deal with consequence that such systems are prone to malicious attack. In our attempt to safeguard our systems, determination of the value of security is measures critical and is an area currently undergoing scrutiny by many researchers. There has been much research and development work done on the various technological security tools but there has been less work on the human side. One method to determine the actions and the intent of attackers in this environment is to simulate interactions between an information system, its users and a population of attackers. Initial simulation results suggest that the marginal value of additional security may be positive or negative as can the time rate of change of system value. Models created with this in mind have shown some predictive value but are based on some strong assumptions. The goals of this research are to support or refute some of these assumptions to make a more predictive model.