سال انتشار: ۱۳۹۰
محل انتشار: اولین کنفرانس ملی دانش پژوهان کامپیوتر و فناوری اطلاعات
تعداد صفحات: ۸
abdolsattar vakili – Aq Qala Center, Islamic Azad University
mohammad abdollahi azgomi – Iran University of Science and Technology, School of Computer Engineering
eshagh jorjani – Aq Qala Center, Islamic Azad University, Department of Finance and Accounting,
In this paper, we present a new approach to model the computer system security based on GeneralizedStochastic Petri Nets (GSPN) and Game Theory. Attack against a system is dependent on attacker’s maliciousehavior. An attack at least has two essential elements. First, the attacker must decide to choose which attack action is carried out. Second, he tries to accomplish the chosen attack action. Using GSPN, we can model the attackers’ decisions. Henceforth, we calculate attacker’s decision probabilities using Game Theory, especially, Zero-Sum StaticGame model. By application of the decision probabilities on GSPN model that are calculated by game model, we can carry out quantitative security evaluation of the model using tools such as Mobius and calculate operational measures like Mean Time to Availability Compromise and Mean Time to Integrity Compromise. Finally, a case study has been modeled and evaluated using the method proposed in this paper.