Visible to the public Biblio

Filters: Keyword is risk control  [Clear All Filters]
2019-09-05
Qiu, Yanbin, Liu, Yanhua, Li, Shijin.  2018.  A Method of Cyber Risk Control Node Selection Based on Game Theory. Proceedings of the 8th International Conference on Communication and Network Security. :32-36.

For the occurrence of network attacks, the most important thing for network security managers is how to conduct attack security defenses under low-risk control. And in the attack risk control, the first and most important step is to choose the defense node of risk control. In this paper, aiming to solve the problem of network attack security risk control under complex networks, we propose a game attack risk control node selection method based on game theory. The method utilizes the relationship between the vulnerabilities and analyzes the vulnerability intent information of the complex network to construct an attack risk diffusion network. In order to truly reflect the different meanings of each node in the attack risk diffusion network for attack and defense, this paper uses the host vulnerability attack and defense income evaluation calculation to give each node in the network its offensive and defensive income. According to the above-mentioned attack risk spread network of offensive and defensive gains, this paper combines game theory and maximum benefit ideas to select the best Top defense node information. In this paper, The method proposed in this paper can be used to select network security risk control nodes on complex networks, which can help network security managers to play a good auxiliary role in cyber attack defense.

2019-06-17
Goman, Maksim.  2018.  Towards Unambiguous IT Risk Definition. Proceedings of the Central European Cybersecurity Conference 2018. :15:1-15:6.

The paper addresses the fundamental methodological problem of risk analysis and control in information technology (IT) – the definition of risk as a subject of interest. Based on analysis of many risk concepts, we provide a consistent definition that describes the phenomenon. The proposed terminology is sound in terms of system analysis principles and applicable to practical use in risk assessment and control. Implication to risk assessment methods were summarized.