Quantitative Risk Assessment tied to HMM based Intrusion Detection System

Abstract

This paper presents a method for the real time measurement of a network’s cyber security risk. This work is the fusion of two independent efforts from prior work. The work on the use of the Hidden Markov Model for Intrusion Detection has demonstrated that attacks can be readily modeled with the HMM, and these models will capture attack events along with the probability that the attack is present. Likewise the Risk Assessment model effort demonstrated both an analytical and an experimental model that estimates the risk of the network based on event probabilities. This work creates a framework where these works are combined such that the event probabilities from the HMM IDS can be integrated into the risk model to provide a real time Risk measure. Such a measure could be integrated into live networks with a real time measure provided for the risk in the networks due to cyber attacks. Likewise this estimate might be integrated into a Risk Management Process.