A move in the security measurement stalemate

Pieters, Wolter; Ven, Sanne H. G. van der; Probst, Christian W.

doi:10.1145/2413296.2413298

Cited by 10 publications

(7 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Factor Analysis of Information Risk (FAIR). To define our concepts (the same as in [13,14]), we use the risk definitions provided by The Open Group [16]. In this taxonomy, risk-related variables are defined starting from the notions of assets and threat agents acting against these assets, potentially causing damage.…”

Section: Preliminariesmentioning

confidence: 99%

“…In this definition, TC denotes some ability measure of the threat agent, and CS a resistance (or difficulty of passing) estimate of the control. We have discussed this relation in detail in [14]. Note that the term vulnerability is used as probability of success here, not as a software bug causing a security weakness.…”

Section: Preliminariesmentioning

confidence: 99%

“…5). The question on how to define the difficulty function has been treated elsewhere [14], and we will not repeat this issue here. The definition of difficulty as a function also implies that attacker investment (cost) and probability of success cannot be treated as independent properties, like in existing formalisms.…”

Section: Contributionsmentioning

confidence: 99%

“…In these examples the cumulative distribution functions (CDFs) of logistic distributions are adopted to mathematically represent the probability of success as a function of investment (according to Definition 4). There are two reasons for choosing logistic distributions: (1) logistic distributions provide a strong analogy with difficulty metrics in other domains [14], and (2) the logistic distribution reflects the fact that with little investment, the probability of success is low, whereas there is a certain critical point around which the probability of success increases rapidly with higher investment. There are three parameters of interest: the mean μ of the distribution, the scale s, and the maximum success probability c. The latter reflects the fact that a probability of success of almost 1 is not always achievable, not even with nearly infinite resources.…”

Section: Examples and Simulationsmentioning

confidence: 99%

See 3 more Smart Citations

Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers

Pieters

Davarynejad

2015

Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance

Self Cite

View full text Add to dashboard Cite

Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of multiple steps and alternative paths. It is possible to derive properties of the overall attacks from properties of individual steps, such as cost for the attacker and probability of success. However, in existing formalisms, such properties are considered independent. For example, investing more in an attack step would not increase the probability of success. As this seems counterintuitive, we introduce a framework for reasoning about attack trees based on the notion of control strength, annotating nodes with a function from attacker investment to probability of success. Calculation rules on such trees are defined to enable analysis of optimal attacker investment. Our second result consists of the translation of optimal attacker investment into the associated adversarial risk, yielding what we call adversarial risk trees. The third result is the introduction of probabilistic attacker strategies, based on the fitness (utility) of available scenarios. Together these contributions improve the possibilities for using attack trees in adversarial risk analysis.

show abstract

Section: Preliminariesmentioning

confidence: 99%

Section: Preliminariesmentioning

confidence: 99%

Section: Contributionsmentioning

confidence: 99%

Section: Examples and Simulationsmentioning

confidence: 99%

See 2 more Smart Citations

Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers

Pieters

Davarynejad

2015

Data Privacy Management, Autonomous Spontaneous Security, and Security Assurance

Self Cite

View full text Add to dashboard Cite

show abstract

“…The basic Elo rating system is used in several types of contests beyond chess, for example, football [21]; however, different applications have been extensively reported elsewhere. It has been used for eliciting user preferences in community-based sites [22], assessing security and vulnerability risks [23], ranking posts in web-based forums [24], rating patterns in videogames [25], detecting fabric defects in the textile industry [26], providing students with individualized learning materials in educational settings [20], studying traffic congestion in urban transportation [27], studying dominance hierarchies in behavioral and evolutionary animal ecology [28], forecasting sales and optimizing prices of new product releases [29], allocating resources for criminal justice to support supervision officers [30], and identifying people using facial comparative descriptions [31].…”

Section: Introductionmentioning

confidence: 99%

Toward Personalized Web-Based Cognitive Rehabilitation for Patients With Ischemic Stroke: Elo Rating Approach (Preprint)

García-Rudolph¹,

López²,

Opisso³

et al. 2021

Preprint

View full text Add to dashboard Cite

BACKGROUND Stroke is a worldwide cause of disability, 40% of stroke survivors sustain cognitive impairments, most of them follow inpatient rehabilitation at specialized clinical centers. Web-based cognitive rehabilitation tasks are already integrated into clinical settings. The impact of a task execution depends on the ratio between the skills of the treated patient and the challenges imposed by the task itself. Thus, treatments personalization requires a trade-off between patients’ skills and tasks difficulties, which is still an open issue. In this work we propose Elo ratings to support clinicians in representing patients’ skills and supporting tasks assignations to optimize rehabilitation outcomes. OBJECTIVE i) perform a stratification of patients with ischemic stroke at early stage of rehabilitation in three levels according to their Elo rating ii) show the relationships between the Elo rating levels, tasks difficulty levels and rehabilitation outcomes iii) determine if Elo rating obtained at early stages of rehabilitation is a significant predictor of rehabilitation outcomes. METHODS The PlayerRatings R library was used to obtain the Elo rating for each patient. Working memory was assessed using the DIGITS subtest of Test Barcelona and the Rey Auditory Verbal Memory Test (RAVLT) was used to assess verbal memory. The three subtests of RAVLT were used: RAVLT learning (RAVLT075), free-recall memory (RAVLT015) and recognition (RAVLT015R). Memory predictors were identified using forward stepwise selection to add covariates to the models which were evaluated by assessing discrimination using the area under the receiver operating characteristics curve (AUC) for logistic regressions and adjusted R2 for linear regressions. RESULTS Three Elo levels (Low, Mid and High) with the same number of patients (n=96) in each Elo group, were obtained using the 50 initial tasks executions (from a total of 38,177) for n=288 adult patients consecutively admitted for inpatient rehabilitation in a clinical setting. The highest proportion of patients that improved in all 4 memory items were from Mid Elo level: 56.7% of them improved in DIGITS, 67.1% in RAVLT075, 58.8% in RAVLT015 and 53.7% in RAVLT015R (p < 0.001). The proportion of patients from the Mid Elo level that performed tasks at difficulty levels #1, #2 and #3 were: 32.1%, 31.0% and 36.9% (p < 0.001) respectively, showing the highest match between skills (represented by Elo level) and tasks difficulties, considering the set of 38,177 tasks executions. Elo ratings were significant predictors in 3 of the 4 models and quasi-significant in the other. When predicting RAVLT075 and DIGITS at discharge we obtained R2=0.54 and R2=0.43 respectively, meanwhile in RAVLT075 and DIGITS improvement predictions we obtained AUC= 0.73, 95% CI(0.64-0.82) and AUC= 0.81 95%CI(0.72-0.89). CONCLUSIONS Elo ratings can support clinicians at early rehabilitation stages in identifying cognitive profiles that can be used to assign tasks’ difficulty levels.

show abstract

A framework for analyzing cascading failure in large interconnected power systems: A post-contingency evolution simulator

Bompard

Estebsari

Huang

et al. 2016

International Journal of Electrical Power & Energy Systems

View full text Add to dashboard Cite

A move in the security measurement stalemate

Cited by 10 publications

References 28 publications

Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers

Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers

Toward Personalized Web-Based Cognitive Rehabilitation for Patients With Ischemic Stroke: Elo Rating Approach (Preprint)

A framework for analyzing cascading failure in large interconnected power systems: A post-contingency evolution simulator

Contact Info

Product

Resources

About