A time-variant risk analysis and damage estimation for large-scale network systems

Abstract

Risk analysis for preventing network intrusions and attacks and estimation of damages resulting from intrusions and attacks are routine exercises for large-scale network systems. However, previous methodologies for risk analysis and network administration techniques for controlling system failures have been limited to the offering of safeguards based on identification of assets and resources at risks, potential threats and system vulnerabilities. They fail to provide exact estimations as to the effect of eliminating threats and vulnerabilities, which may be done through real-time analysis, or to assess the scope of damage, in the event of an attack, incurred until the final recovery. In this paper, we propose a time-variant risk analysis technique, which, based on previous risk analysis models for large-size networking systems and used in conjunction with the safeguards developed by these models, is able to identify real-time risk levels. Furthermore, to assess the scope of system damages resulting from a network intrusion, we propose a method for estimating the total cost incurred from the point of the occurrence of damage to that of recovery. © Springer-Verlag Berlin Heidelberg 2005.