cascading attack damage. what is the real cost of a cyber-attack? the cost of the service attacked...

Cascading Attack Damage

Post on 20-Dec-2015

214 views

Category:

Documents

0 download

Report

Download

Tags:

Embed Size (px):

TRANSCRIPT

Cascading Attack Damage

What is the real cost of a cyber-attack?

The cost of the service attacked may not reflect the real amount of damage.

Many other services may rely on the attacked service, causing a cascade.

How can we determine the real cost associated with the cascade?

JAC Defines Values, Dependencies, and

Damage.

Values A Value defines an object in JAC. The Value is used to calculate the value of

damage to an object.

Page 5: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Dependencies A dependency is defined between two

objects with defined Values. The dependency of A

on B is defined as the percentage of A that requires B.

Page 6: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Damage You attack an object by assigning it

Damage. Damage is defined as the percentage

of the object that is damaged.

Page 7: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

System Architecture

Remote Java Beans (planned)

GUI “Thick” Clients

WebServlet

Jess RuleEngine

EconomicDamage

Coefficient Model

Local Java Beans (planned)

RMI

Rete EngineQueries

Parsing / RuleGenerator

Web “Thin” Clients (planned)

Page 8: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Jess Rule Engine All objects are turned into Jess facts. Rules model the cascade effect.

Page 9: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

JAC

Page 10: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Adding Values You can Add an Object to the Domain by

adding a Value:

Page 11: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Adding Dependencies You can add a dependency between any

two objects with defined Values.

Page 12: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Adding Dependancies You can provide a weight to the

dependency. This weight is the percentage of the affect on the affected object.

Page 13: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Dependency Modeling JAC can provide a graphical

model of your dependency structure.

Page 14: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Adding Damage You can attack any object with an assigned

value by assigning it damage.

Page 15: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Adding Damage You assign damage as a percent of the

attack object.

Page 16: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Removing Values, Affects, & Damage

You can remove any value, dependency, or damage by selecting it and clicking the appropriate remove button.

Page 17: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Cascading Damage Once you have defined Values,

Dependencies, and Added damage for at least one object in the domain, you can cascade the attack.

Page 18: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Cascading Damage

Page 19: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Cascading Damage Damage is tracked, as well which

dependencies cause the cascade.

Page 20: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Cascade Modeling JAC can provide a graphical representation

of the damage cascade of an attack.

Page 21: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Cascading Damage The value of damage to each object is

determined, as is total attack damage.

Page 22: Cascading Attack Damage. What is the real cost of a cyber-attack? The cost of the service attacked may not reflect the real amount of damage. Many other

Future Work Detailed economic model for dependency

coefficients. Compensation between dependencies. Temporal modeling. Java Bean representation of rules, allowing

for flexibility in software architecture. Jess / Rete engine optimizations

Repeat Calls - Assessing the Damage and Calculating the Cost

Vulnerabilities to Terrorism · Non-pecuniary damage (e.g., psychological damage such as fear) can be monetized. (iii) Both the probability of a successful attack and the damage upon

Maximum Damage Malware Attack in Mobile Wireless Networks

Air Quality damage cost update 2020

Information Systems Damage after the Sept 11, 2001 attack

Defensive Cyber Battle Damage Assessment Through Attack

DAMAGE CONTROL: THE COST OF SECURITY BREACHES IT

EDISTO BEACH COASTAL STORM DAMAGE … STORM DAMAGE REDUCTION GENERAL INVESTIGATION STUDY . ... Construction Cost Estimating Guide for Civil Works, ... Civil Works Cost …

Damage modelling in concrete subject to sulfate attack...Focussed on: Computational Mechanics and Mechanics of Materials in Italy Damage modelling in concrete subject to sulfate attack

League of Legends | How To Play The Attack Damage Carry Position: Laning Phase

Coverage for the Cost of Mitigating Damage...COVERAGE FOR THE COST OF MITIGATING DAMAGE Eric Friend, Traylor Bros. Inc. Lynette Thompson, Barnard Construction Company, Inc. Mike Clark,

Methodology for Estimating Road Damage Cost Resulting from

A Low-cost Attack on a Microsoft CAPTCHA · A Low-cost Attack on a Microsoft CAPTCHA Jeff Yan School of Computing Science ... In this paper, we report new character segmentation techniques

Chris Carlson’s Variable Damage Effects - Clash of Armsclashofarms.com/files/Variable_Damage_Effects.pdf · Variable Damage Effects in Naval ... Attack/Engage! ... – Often referred

dfzljdn9uc3pi.cloudfront.net · Web viewThird, 'signal penalty' is a cost paid during the presentation of the signal. Finally, the 'initial attack damage' and the 'final attack damage

Max damage and the Alien Attack

Security Bootcamp 2013 - Mitigate DDoS attack with effective cost - Nguyễn Chấn Việt

NTRU Prime: reducing attack surface at low cost · 2017. 8. 17. · NTRU Prime: reducing attack surface at low cost Daniel J. Bernstein1, Chitchanok Chuengsatiansup2, Tanja Lange

The Cost of DDoS Attack: Risk Assessment, Mitigation and Protection for Businesses

NTRU Prime: reducing attack surface at low cost · NTRU Prime: reducing attack surface at low cost Daniel J. Bernstein1, Chitchanok Chuengsatiansup2, Tanja Lange 3, and Christine

Economic Analysis Flood Damage Reduction Cost Benefits · Economic Analysis – Flood Damage Reduction Cost Benefits ... (Tables 11a & 11b) ... Bank Stabilization Costs and FEMA-based

High%Accuracy%AackProvenance%via% Binary4Based …...Introduc9on! Attack provenance is important • Determine the “entry point” of an attack • Understand the damage to the victim

Overview of Damage to Buildings Near Ground Zeromceer.buffalo.edu/publications/wtc/02-SP02Screen.pdf · Overview of Damage to Buildings Near Ground Zero ... the attack and its aftermath

STR Effort roll CON Stamina roll SIZ Damage Bonus Idea ... of Cthulhu/Misc/Basic RolePlaying/BR… · armortype armorvalue _____ _____ _____ _____ shieldtype parry/attack damage HP

DOT/FAA/TC-14/38 Low Cost Accurate Angle of Attack System · iv Low Cost Accurate Angle of Attack System David F. Rogers, Phd, ATP Rogers Aerospace Engineering & Consulting Principal

Low cost mac repairs London |Low cost mac liquid damage repairs | Low cost Mac Screen Replacement

(standard) ATTACK DEFENSE DAMAGE

Health Damage Cost of Automotive Air Pollution · Health Damage Cost of Automotive Air Pollution : ... Health Damage Cost of Automotive Air Pollution : ... well-being directly by

Damage/Cost Report-Elevated Water Tower Damage from ... · Damage/Cost Report-Elevated Water Tower Damage from Hurricane John Draft 06/30/2006 . This report is assembled as a template

An Analysis of the Cost of Grey Squirrel Damage to Woodland

Detecting and mapping MPB red-attack damage

Energy Efficiency tip of the day (Thermal insulation damage cost)

Cost Recovery of Damage to the Highway - Modern … A Report... · Cost Recovery of Damage to the Highway Enforcement of Damage Caused by the . ... verge/footway/cycle path/crossover

Probabilistic Benefit-Cost Analysis for Earthquake Damage ......Probabilistic Beneﬁt-Cost Analysis for Earthquake Damage Mitigation: Evaluating Measures for Apartment Houses in Turkey

Attack-Prevention and Damage-Control Investments in ...€¦ · damage-control investments are remediation strategies, e.g., nding, testing, and xing bugs reduces the probability

cascading attack damage. what is the real cost of a cyber-attack? the cost of the service attacked...

Documents

cascading damage slide

value of damage

damage cascade

cascading attack damage

jac slide

total attack damage

attack object

system architecture