Abstract

Vulnerabilities inherent in a cyber network can be exploited by individuals with malicious intent. Thus, machines on the network are at risk. Formally, security specialists seek to mitigate the risk of intrusion events through network reconfiguration and defense. Comparison between configuration alternatives may be difficult if an event is sufficiently rare; risk estimates may be of questionable quality, making definitive inferences unattainable. Furthermore, that which constitutes a “rare” event can imply different rates of occurrence, depending on network complexity. To measure rare events efficiently without the risk of doing damage to a cyber network, special rare-event simulation techniques can be employed, such as splitting or importance sampling. In particular, importance sampling has shown promise when modeling an attacker moving through a network with intent to steal data. The importance sampling technique amplifies certain aspects of the network in order to cause a rare event to happen more frequently. Output statistics collected under these amplified conditions must then be scaled back to the context of the original network to produce meaningful results. This thesis successfully tailors the importance sampling methodology to scenarios where an attacker must search a network. Said tailoring takes the attacker’s successes and failures as well as the attacker’s targeting choices into account. The methodology is shown to be more computationally efficient and can produce higher quality estimates of risk when compared to standard simulation.
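The amplify-then-scale-back idea in the abstract can be shown on a small model. The Python below is an added example, not code from the thesis: the three-host chain, the probabilities, the attempt budget and the function names are all constructed assumptions, and only the attacker's successes and failures are biased (targeting choices are not modeled).

```python
import random

# Constructed scenario (assumption, not from the thesis): the attacker must
# compromise three hosts in order and is cut off after six exploit attempts.
P_TRUE = [0.02, 0.01, 0.005]   # real per-attempt success probability per stage
P_BIAS = [0.5, 0.5, 0.5]       # amplified probabilities used only for sampling
MAX_ATTEMPTS = 6


def exact_risk(p=P_TRUE, attempts=MAX_ATTEMPTS):
    """Exact P(attacker reaches the last host) by dynamic programming."""
    state = [1.0] + [0.0] * len(p)          # state[i] = P(i stages completed)
    for _ in range(attempts):
        nxt = [0.0] * len(state)
        nxt[-1] = state[-1]                 # goal is absorbing
        for i, pi in enumerate(p):
            nxt[i] += state[i] * (1 - pi)   # attempt fails, stay at stage i
            nxt[i + 1] += state[i] * pi     # attempt succeeds, advance
        state = nxt
    return state[-1]


def simulate(n, sample_p, true_p=P_TRUE, attempts=MAX_ATTEMPTS, seed=1):
    """Return (estimate, standard error) of the breach probability.

    Attempts are drawn with sample_p; each run is weighted by the likelihood
    ratio of its successes and failures under true_p versus sample_p, which
    scales the result back to the original network.
    """
    rng = random.Random(seed)
    total = total_sq = 0.0
    for _ in range(n):
        stage, weight = 0, 1.0
        for _ in range(attempts):
            p, q = true_p[stage], sample_p[stage]
            if rng.random() < q:            # success under the sampling model
                weight *= p / q
                stage += 1
                if stage == len(true_p):
                    break
            else:                           # failure under the sampling model
                weight *= (1 - p) / (1 - q)
        x = weight if stage == len(true_p) else 0.0
        total += x
        total_sq += x * x
    mean = total / n
    var = max(total_sq / n - mean * mean, 0.0)
    return mean, (var / n) ** 0.5
```

Calling `simulate(20000, P_TRUE)` gives the standard-simulation baseline (every weight is 1), which can be compared with `simulate(20000, P_BIAS)` and the value from `exact_risk()`.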

Publication Date

5-2018

Document Type

Thesis

Student Type

Graduate

Degree Name

Industrial and Systems Engineering (MS)

Department, Program, or Center

Industrial and Systems Engineering (KGCOE)

Advisor

Michael E. Kuhl

Advisor/Committee Member

Shanchieh J. Yang

Advisor/Committee Member

Katie McConky

Campus

RIT – Main Campus
