This report presents an extended analysis of CERT Coordination Centerâ incidents data (from
1988 to 1995) and applies the results to simulate attacks and their impacts on network sites.
The data were “sanitized” prior to the analysis to ensure complete anonymity. A model for the
incidents process is discussed and extended. It consists of three parts: a stochastic process for
the random occurrence of incidents at sites, a model for the state transition process for an attacked
system given a level of defense, and a method of estimating the expected survivability
of the system given possible degradations due to these attacks. This approach leads to the
estimation of a survivability/cost function, which shows the tradeoffs involved between cost
and system survivability. Information Systems (IS) managers can use this to determine the
most appropriate level of defense for the network systems of their organizations.
The stochastic process was simulated based on parameter values obtained from actual reported
data. Extensive sensitivity analyses are reported that indicate how expected survivability
would change with varying parameter analysis results values. The report concludes
with a discussion of future work to be done and the appendix has details of the simulation
model and further data.
(less)
