Quantifying Cyberinfrastructure Resilience against Multi‐Event Attacks
Identifieur interne : 000030 ( Istex/Corpus ); précédent : 000029; suivant : 000031Quantifying Cyberinfrastructure Resilience against Multi‐Event Attacks
Auteurs : Christopher W. Zobel ; Lara KhansaSource :
- Decision Sciences [ 0011-7315 ] ; 2012-08.
English descriptors
- KwdEn :
Abstract
This article introduces a general approach for characterizing cyberinfrastructure resilience in the face of multiple malicious cyberattacks, such as when a sequence of denial‐of‐service attacks progressively target an already weakened information system. Although loss assessment frequently focuses on a single overall measure such as cost or downtime, the proposed technique considers both the timing and the amount of loss associated with each individual attack, as well as whether this loss is incurred suddenly or is “slow‐onset.” In support of this, an underlying mathematical model is developed to represent the relative impact of each attack and the corresponding length of time that its effects persist within the system, as well as to illustrate the trade‐offs between these two factors. The model is extended to represent uncertainty in its parameters and thus to support comparative analyses among various security configurations with respect to a baseline estimate of resilience. Monte Carlo simulation is then used to illustrate the model's capabilities and to support a discussion of its ability to provide for more effective decision making in the context of disaster planning and mitigation. [Submitted: March 21, 2011. Revised: July 14, 2011; November 4, 2011. Accepted: December 19, 2011.]
Url:
DOI: 10.1111/j.1540-5915.2012.00364.x
Links to Exploration step
ISTEX:D6824A4F35505079438681262C2166FC03CE228DLe document en format XML
<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">Quantifying Cyberinfrastructure Resilience against Multi‐Event Attacks</title><author><name sortKey="Zobel, Christopher W" sort="Zobel, Christopher W" uniqKey="Zobel C" first="Christopher W." last="Zobel">Christopher W. Zobel</name><affiliation><mods:affiliation>Department of Business Information Technology, Virginia Polytechnic Institute and State University, Blacksburg, VA 24061‐0235, e‐mail: czobel@vt.edu, larak@vt.edu</mods:affiliation></affiliation></author><author><name sortKey="Khansa, Lara" sort="Khansa, Lara" uniqKey="Khansa L" first="Lara" last="Khansa">Lara Khansa</name><affiliation><mods:affiliation>Department of Business Information Technology, Virginia Polytechnic Institute and State University, Blacksburg, VA 24061‐0235, e‐mail: czobel@vt.edu, larak@vt.edu</mods:affiliation></affiliation></author></titleStmt><publicationStmt><idno type="wicri:source">ISTEX</idno><idno type="RBID">ISTEX:D6824A4F35505079438681262C2166FC03CE228D</idno><date when="2012" year="2012">2012</date><idno type="doi">10.1111/j.1540-5915.2012.00364.x</idno><idno type="url">https://api.istex.fr/document/D6824A4F35505079438681262C2166FC03CE228D/fulltext/pdf</idno><idno type="wicri:Area/Istex/Corpus">000030</idno></publicationStmt><sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">Quantifying Cyberinfrastructure Resilience against Multi‐Event Attacks</title><author><name sortKey="Zobel, Christopher W" sort="Zobel, Christopher W" uniqKey="Zobel C" first="Christopher W." last="Zobel">Christopher W. Zobel</name><affiliation><mods:affiliation>Department of Business Information Technology, Virginia Polytechnic Institute and State University, Blacksburg, VA 24061‐0235, e‐mail: czobel@vt.edu, larak@vt.edu</mods:affiliation></affiliation></author><author><name sortKey="Khansa, Lara" sort="Khansa, Lara" uniqKey="Khansa L" first="Lara" last="Khansa">Lara Khansa</name><affiliation><mods:affiliation>Department of Business Information Technology, Virginia Polytechnic Institute and State University, Blacksburg, VA 24061‐0235, e‐mail: czobel@vt.edu, larak@vt.edu</mods:affiliation></affiliation></author></analytic><monogr></monogr><series><title level="j">Decision Sciences</title><idno type="ISSN">0011-7315</idno><idno type="eISSN">1540-5915</idno><imprint><publisher>Blackwell Publishing Inc</publisher><pubPlace>Malden, USA</pubPlace><date type="published" when="2012-08">2012-08</date><biblScope unit="volume">43</biblScope><biblScope unit="issue">4</biblScope><biblScope unit="page" from="687">687</biblScope><biblScope unit="page" to="710">710</biblScope></imprint><idno type="ISSN">0011-7315</idno></series><idno type="istex">D6824A4F35505079438681262C2166FC03CE228D</idno><idno type="DOI">10.1111/j.1540-5915.2012.00364.x</idno><idno type="ArticleID">DECI364</idno></biblStruct></sourceDesc><seriesStmt><idno type="ISSN">0011-7315</idno></seriesStmt></fileDesc><profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>Disaster Resilience</term><term>Information Infrastructure</term><term>Multi‐Event Resilience</term><term>and Network Security</term></keywords></textClass><langUsage><language ident="en">en</language></langUsage></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">This article introduces a general approach for characterizing cyberinfrastructure resilience in the face of multiple malicious cyberattacks, such as when a sequence of denial‐of‐service attacks progressively target an already weakened information system. Although loss assessment frequently focuses on a single overall measure such as cost or downtime, the proposed technique considers both the timing and the amount of loss associated with each individual attack, as well as whether this loss is incurred suddenly or is “slow‐onset.” In support of this, an underlying mathematical model is developed to represent the relative impact of each attack and the corresponding length of time that its effects persist within the system, as well as to illustrate the trade‐offs between these two factors. The model is extended to represent uncertainty in its parameters and thus to support comparative analyses among various security configurations with respect to a baseline estimate of resilience. Monte Carlo simulation is then used to illustrate the model's capabilities and to support a discussion of its ability to provide for more effective decision making in the context of disaster planning and mitigation. [Submitted: March 21, 2011. Revised: July 14, 2011; November 4, 2011. Accepted: December 19, 2011.]</div></front></TEI><istex><corpusName>wiley</corpusName><author><json:item><name>Christopher W. Zobel</name><affiliations><json:string>Department of Business Information Technology, Virginia Polytechnic Institute and State University, Blacksburg, VA 24061‐0235, e‐mail: czobel@vt.edu, larak@vt.edu</json:string></affiliations></json:item><json:item><name>Lara Khansa</name><affiliations><json:string>Department of Business Information Technology, Virginia Polytechnic Institute and State University, Blacksburg, VA 24061‐0235, e‐mail: czobel@vt.edu, larak@vt.edu</json:string></affiliations></json:item></author><subject><json:item><lang><json:string>eng</json:string></lang><value>Disaster Resilience</value></json:item><json:item><lang><json:string>eng</json:string></lang><value>Information Infrastructure</value></json:item><json:item><lang><json:string>eng</json:string></lang><value>Multi‐Event Resilience</value></json:item><json:item><lang><json:string>eng</json:string></lang><value>and Network Security</value></json:item></subject><articleId><json:string>DECI364</json:string></articleId><language><json:string>eng</json:string></language><originalGenre><json:string>article</json:string></originalGenre><abstract>This article introduces a general approach for characterizing cyberinfrastructure resilience in the face of multiple malicious cyberattacks, such as when a sequence of denial‐of‐service attacks progressively target an already weakened information system. Although loss assessment frequently focuses on a single overall measure such as cost or downtime, the proposed technique considers both the timing and the amount of loss associated with each individual attack, as well as whether this loss is incurred suddenly or is “slow‐onset.” In support of this, an underlying mathematical model is developed to represent the relative impact of each attack and the corresponding length of time that its effects persist within the system, as well as to illustrate the trade‐offs between these two factors. The model is extended to represent uncertainty in its parameters and thus to support comparative analyses among various security configurations with respect to a baseline estimate of resilience. Monte Carlo simulation is then used to illustrate the model's capabilities and to support a discussion of its ability to provide for more effective decision making in the context of disaster planning and mitigation. [Submitted: March 21, 2011. Revised: July 14, 2011; November 4, 2011. Accepted: December 19, 2011.]</abstract><qualityIndicators><score>7.34</score><pdfVersion>1.3</pdfVersion><pdfPageSize>486 x 720 pts</pdfPageSize><refBibsNative>true</refBibsNative><keywordCount>4</keywordCount><abstractCharCount>1307</abstractCharCount><pdfWordCount>7743</pdfWordCount><pdfCharCount>47290</pdfCharCount><pdfPageCount>24</pdfPageCount><abstractWordCount>195</abstractWordCount></qualityIndicators><title>Quantifying Cyberinfrastructure Resilience against Multi‐Event Attacks</title><genre><json:string>article</json:string></genre><host><volume>43</volume><publisherId><json:string>DECI</json:string></publisherId><pages><total>24</total><last>710</last><first>687</first></pages><issn><json:string>0011-7315</json:string></issn><issue>4</issue><genre><json:string>journal</json:string></genre><language><json:string>unknown</json:string></language><eissn><json:string>1540-5915</json:string></eissn><title>Decision Sciences</title><doi><json:string>10.1111/(ISSN)1540-5915</json:string></doi></host><publicationDate>2012</publicationDate><copyrightDate>2012</copyrightDate><doi><json:string>10.1111/j.1540-5915.2012.00364.x</json:string></doi><id>D6824A4F35505079438681262C2166FC03CE228D</id><score>0.4932747</score><fulltext><json:item><original>true</original><mimetype>application/pdf</mimetype><extension>pdf</extension><uri>https://api.istex.fr/document/D6824A4F35505079438681262C2166FC03CE228D/fulltext/pdf</uri></json:item><json:item><original>false</original><mimetype>application/zip</mimetype><extension>zip</extension><uri>https://api.istex.fr/document/D6824A4F35505079438681262C2166FC03CE228D/fulltext/zip</uri></json:item><istex:fulltextTEI uri="https://api.istex.fr/document/D6824A4F35505079438681262C2166FC03CE228D/fulltext/tei"><teiHeader><fileDesc><titleStmt><title level="a" type="main" xml:lang="en">Quantifying Cyberinfrastructure Resilience against Multi‐Event Attacks</title></titleStmt><publicationStmt><authority>ISTEX</authority><publisher>Blackwell Publishing Inc</publisher><pubPlace>Malden, USA</pubPlace><availability><p>© 2012 The Authors. Decision Sciences Journal © 2012 Decision Sciences Institute</p></availability><date>2012</date></publicationStmt><sourceDesc><biblStruct type="inbook"><analytic><title level="a" type="main" xml:lang="en">Quantifying Cyberinfrastructure Resilience against Multi‐Event Attacks</title><author xml:id="author-1"><persName><forename type="first">Christopher W.</forename><surname>Zobel</surname></persName><affiliation>Department of Business Information Technology, Virginia Polytechnic Institute and State University, Blacksburg, VA 24061‐0235, e‐mail: czobel@vt.edu, larak@vt.edu</affiliation></author><author xml:id="author-2"><persName><forename type="first">Lara</forename><surname>Khansa</surname></persName><note type="correspondence"><p>Correspondence: Corresponding author.</p></note><affiliation>Department of Business Information Technology, Virginia Polytechnic Institute and State University, Blacksburg, VA 24061‐0235, e‐mail: czobel@vt.edu, larak@vt.edu</affiliation></author></analytic><monogr><title level="j">Decision Sciences</title><idno type="pISSN">0011-7315</idno><idno type="eISSN">1540-5915</idno><idno type="DOI">10.1111/(ISSN)1540-5915</idno><imprint><publisher>Blackwell Publishing Inc</publisher><pubPlace>Malden, USA</pubPlace><date type="published" when="2012-08"></date><biblScope unit="volume">43</biblScope><biblScope unit="issue">4</biblScope><biblScope unit="page" from="687">687</biblScope><biblScope unit="page" to="710">710</biblScope></imprint></monogr><idno type="istex">D6824A4F35505079438681262C2166FC03CE228D</idno><idno type="DOI">10.1111/j.1540-5915.2012.00364.x</idno><idno type="ArticleID">DECI364</idno></biblStruct></sourceDesc></fileDesc><profileDesc><creation><date>2012</date></creation><langUsage><language ident="en">en</language></langUsage><abstract xml:lang="en"><p>This article introduces a general approach for characterizing cyberinfrastructure resilience in the face of multiple malicious cyberattacks, such as when a sequence of denial‐of‐service attacks progressively target an already weakened information system. Although loss assessment frequently focuses on a single overall measure such as cost or downtime, the proposed technique considers both the timing and the amount of loss associated with each individual attack, as well as whether this loss is incurred suddenly or is “slow‐onset.” In support of this, an underlying mathematical model is developed to represent the relative impact of each attack and the corresponding length of time that its effects persist within the system, as well as to illustrate the trade‐offs between these two factors. The model is extended to represent uncertainty in its parameters and thus to support comparative analyses among various security configurations with respect to a baseline estimate of resilience. Monte Carlo simulation is then used to illustrate the model's capabilities and to support a discussion of its ability to provide for more effective decision making in the context of disaster planning and mitigation. [Submitted: March 21, 2011. Revised: July 14, 2011; November 4, 2011. Accepted: December 19, 2011.]</p></abstract><textClass xml:lang="en"><keywords scheme="keyword"><list><head>keywords</head><item><term>Disaster Resilience</term></item><item><term>Information Infrastructure</term></item><item><term>Multi‐Event Resilience</term></item><item><term>and Network Security</term></item></list></keywords></textClass></profileDesc><revisionDesc><change when="2012-08">Published</change></revisionDesc></teiHeader></istex:fulltextTEI><json:item><original>false</original><mimetype>text/plain</mimetype><extension>txt</extension><uri>https://api.istex.fr/document/D6824A4F35505079438681262C2166FC03CE228D/fulltext/txt</uri></json:item></fulltext><metadata><istex:metadataXml wicri:clean="Wiley, elements deleted: body"><istex:xmlDeclaration>version="1.0" encoding="UTF-8" standalone="yes"</istex:xmlDeclaration><istex:document><component version="2.0" type="serialArticle" xml:lang="en"><header><publicationMeta level="product"><publisherInfo><publisherName>Blackwell Publishing Inc</publisherName><publisherLoc>Malden, USA</publisherLoc></publisherInfo><doi origin="wiley" registered="yes">10.1111/(ISSN)1540-5915</doi><issn type="print">0011-7315</issn><issn type="electronic">1540-5915</issn><idGroup><id type="product" value="DECI"></id><id type="publisherDivision" value="ST"></id></idGroup><titleGroup><title type="main" sort="DECISION SCIENCES">Decision Sciences</title></titleGroup></publicationMeta><publicationMeta level="part" position="08104"><doi origin="wiley">10.1111/deci.2012.43.issue-4</doi><numberingGroup><numbering type="journalVolume" number="43">43</numbering><numbering type="journalIssue" number="4">4</numbering></numberingGroup><coverDate startDate="2012-08">August 2012</coverDate></publicationMeta><publicationMeta level="unit" type="article" position="6" status="forIssue"><doi origin="wiley">10.1111/j.1540-5915.2012.00364.x</doi><idGroup><id type="unit" value="DECI364"></id></idGroup><countGroup><count type="pageTotal" number="24"></count></countGroup><titleGroup><title type="tocHeading1">Articles</title></titleGroup><copyright>© 2012 The Authors. Decision Sciences Journal © 2012 Decision Sciences Institute</copyright><eventGroup><event type="xmlConverted" agent="Converter:BPG_TO_WML3G version:3.1.5.1 mode:FullText" date="2012-07-04"></event><event type="firstOnline" date="2012-07-04"></event><event type="publishedOnlineFinalForm" date="2012-07-04"></event><event type="xmlConverted" agent="Converter:WILEY_ML3G_TO_WILEY_ML3GV2 version:3.8.8" date="2014-01-17"></event><event type="xmlConverted" agent="Converter:WML3G_To_WML3G version:4.3.4 mode:FullText" date="2015-02-25"></event></eventGroup><numberingGroup><numbering type="pageFirst" number="687">687</numbering><numbering type="pageLast" number="710">710</numbering></numberingGroup><correspondenceTo>Corresponding author.</correspondenceTo><linkGroup><link type="toTypesetVersion" href="file:DECI.DECI364.pdf"></link></linkGroup></publicationMeta><contentMeta><countGroup><count type="figureTotal" number="10"></count><count type="tableTotal" number="4"></count><count type="formulaTotal" number="56"></count><count type="referenceTotal" number="37"></count><count type="linksCrossRef" number="92"></count></countGroup><titleGroup><title type="main">Quantifying Cyberinfrastructure Resilience against Multi‐Event Attacks</title><title type="shortAuthors"><i>Quantifying Cyberinfrastructure Resilience</i></title><title type="short"><i>Zobel and Khansa</i></title></titleGroup><creators><creator creatorRole="author" xml:id="cr1" affiliationRef="#a1"><personName><givenNames>Christopher W.</givenNames><familyName>Zobel</familyName></personName></creator><creator creatorRole="author" xml:id="cr2" affiliationRef="#a1" corresponding="yes"><personName><givenNames>Lara</givenNames><familyName>Khansa</familyName></personName></creator></creators><affiliationGroup><affiliation xml:id="a1" countryCode="US"><unparsedAffiliation><i>Department of Business Information Technology, Virginia Polytechnic Institute and State University, Blacksburg, VA 24061‐0235, e‐mail: </i><email>czobel@vt.edu</email><i>, </i><email>larak@vt.edu</email></unparsedAffiliation></affiliation></affiliationGroup><keywordGroup xml:lang="en"><keyword xml:id="k1"><i>Disaster Resilience</i></keyword><keyword xml:id="k2"><i>Information Infrastructure</i></keyword><keyword xml:id="k3"><i>Multi‐Event Resilience</i></keyword><keyword xml:id="k4"><i>and Network Security</i></keyword></keywordGroup><abstractGroup><abstract type="main" xml:lang="en"><title type="main">ABSTRACT</title><p>This article introduces a general approach for characterizing cyberinfrastructure resilience in the face of multiple malicious cyberattacks, such as when a sequence of denial‐of‐service attacks progressively target an already weakened information system. Although loss assessment frequently focuses on a single overall measure such as cost or downtime, the proposed technique considers both the timing and the amount of loss associated with each individual attack, as well as whether this loss is incurred suddenly or is “slow‐onset.” In support of this, an underlying mathematical model is developed to represent the relative impact of each attack and the corresponding length of time that its effects persist within the system, as well as to illustrate the trade‐offs between these two factors. The model is extended to represent uncertainty in its parameters and thus to support comparative analyses among various security configurations with respect to a baseline estimate of resilience. Monte Carlo simulation is then used to illustrate the model's capabilities and to support a discussion of its ability to provide for more effective decision making in the context of disaster planning and mitigation. [Submitted: March 21, 2011. Revised: July 14, 2011; November 4, 2011. Accepted: December 19, 2011.]</p></abstract></abstractGroup></contentMeta></header></component></istex:document></istex:metadataXml><mods version="3.6"><titleInfo lang="en"><title>Quantifying Cyberinfrastructure Resilience against Multi‐Event Attacks</title></titleInfo><titleInfo type="abbreviated" lang="en"><title>Zobel and Khansa</title></titleInfo><titleInfo type="alternative" contentType="CDATA" lang="en"><title>Quantifying Cyberinfrastructure Resilience against Multi‐Event Attacks</title></titleInfo><name type="personal"><namePart type="given">Christopher W.</namePart><namePart type="family">Zobel</namePart><affiliation>Department of Business Information Technology, Virginia Polytechnic Institute and State University, Blacksburg, VA 24061‐0235, e‐mail: czobel@vt.edu, larak@vt.edu</affiliation><role><roleTerm type="text">author</roleTerm></role></name><name type="personal"><namePart type="given">Lara</namePart><namePart type="family">Khansa</namePart><affiliation>Department of Business Information Technology, Virginia Polytechnic Institute and State University, Blacksburg, VA 24061‐0235, e‐mail: czobel@vt.edu, larak@vt.edu</affiliation><description>Correspondence: Corresponding author.</description><role><roleTerm type="text">author</roleTerm></role></name><typeOfResource>text</typeOfResource><genre type="article" displayLabel="article"></genre><originInfo><publisher>Blackwell Publishing Inc</publisher><place><placeTerm type="text">Malden, USA</placeTerm></place><dateIssued encoding="w3cdtf">2012-08</dateIssued><copyrightDate encoding="w3cdtf">2012</copyrightDate></originInfo><language><languageTerm type="code" authority="rfc3066">en</languageTerm><languageTerm type="code" authority="iso639-2b">eng</languageTerm></language><physicalDescription><internetMediaType>text/html</internetMediaType><extent unit="figures">10</extent><extent unit="tables">4</extent><extent unit="formulas">56</extent><extent unit="references">37</extent></physicalDescription><abstract lang="en">This article introduces a general approach for characterizing cyberinfrastructure resilience in the face of multiple malicious cyberattacks, such as when a sequence of denial‐of‐service attacks progressively target an already weakened information system. Although loss assessment frequently focuses on a single overall measure such as cost or downtime, the proposed technique considers both the timing and the amount of loss associated with each individual attack, as well as whether this loss is incurred suddenly or is “slow‐onset.” In support of this, an underlying mathematical model is developed to represent the relative impact of each attack and the corresponding length of time that its effects persist within the system, as well as to illustrate the trade‐offs between these two factors. The model is extended to represent uncertainty in its parameters and thus to support comparative analyses among various security configurations with respect to a baseline estimate of resilience. Monte Carlo simulation is then used to illustrate the model's capabilities and to support a discussion of its ability to provide for more effective decision making in the context of disaster planning and mitigation. [Submitted: March 21, 2011. Revised: July 14, 2011; November 4, 2011. Accepted: December 19, 2011.]</abstract><subject lang="en"><genre>keywords</genre><topic>Disaster Resilience</topic><topic>Information Infrastructure</topic><topic>Multi‐Event Resilience</topic><topic>and Network Security</topic></subject><relatedItem type="host"><titleInfo><title>Decision Sciences</title></titleInfo><genre type="journal">journal</genre><identifier type="ISSN">0011-7315</identifier><identifier type="eISSN">1540-5915</identifier><identifier type="DOI">10.1111/(ISSN)1540-5915</identifier><identifier type="PublisherID">DECI</identifier><part><date>2012</date><detail type="volume"><caption>vol.</caption><number>43</number></detail><detail type="issue"><caption>no.</caption><number>4</number></detail><extent unit="pages"><start>687</start><end>710</end><total>24</total></extent></part></relatedItem><identifier type="istex">D6824A4F35505079438681262C2166FC03CE228D</identifier><identifier type="DOI">10.1111/j.1540-5915.2012.00364.x</identifier><identifier type="ArticleID">DECI364</identifier><accessCondition type="use and reproduction" contentType="copyright">© 2012 The Authors. Decision Sciences Journal © 2012 Decision Sciences Institute</accessCondition><recordInfo><recordContentSource>WILEY</recordContentSource><recordOrigin>Blackwell Publishing Inc</recordOrigin></recordInfo></mods></metadata><enrichments><json:item><type>multicat</type><uri>https://api.istex.fr/document/D6824A4F35505079438681262C2166FC03CE228D/enrichments/multicat</uri></json:item></enrichments><serie></serie></istex></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Ticri/CIDE/explor/CyberinfraV1/Data/Istex/Corpus
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000030 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Istex/Corpus/biblio.hfd -nk 000030 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Ticri/CIDE
|area= CyberinfraV1
|flux= Istex
|étape= Corpus
|type= RBID
|clé= ISTEX:D6824A4F35505079438681262C2166FC03CE228D
|texte= Quantifying Cyberinfrastructure Resilience against Multi‐Event Attacks
}}
| This area was generated with Dilib version V0.6.25. |  |