Other formats:
BibTeX
LaTeX
RIS
@inproceedings{1642215, author = {Macák, Martin and Kružíková, Agáta and Daubner, Lukáš and Bühnová, Barbora}, address = {New York, NY, USA}, booktitle = {ICSEW'20: Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops}, doi = {http://dx.doi.org/10.1145/3387940.3391475}, keywords = {insider attack; game; process mining; security; unintentional perpetrator; attack vector}, howpublished = {elektronická verze "online"}, language = {eng}, location = {New York, NY, USA}, isbn = {978-1-4503-7963-2}, pages = {222-229}, publisher = {Association for Computing Machinery}, title = {Simulation Games Platform for Unintentional Perpetrator Attack Vector Identification}, url = {https://dl.acm.org/doi/abs/10.1145/3387940.3391475}, year = {2020} }
TY - JOUR ID - 1642215 AU - Macák, Martin - Kružíková, Agáta - Daubner, Lukáš - Bühnová, Barbora PY - 2020 TI - Simulation Games Platform for Unintentional Perpetrator Attack Vector Identification PB - Association for Computing Machinery CY - New York, NY, USA SN - 9781450379632 KW - insider attack KW - game KW - process mining KW - security KW - unintentional perpetrator KW - attack vector UR - https://dl.acm.org/doi/abs/10.1145/3387940.3391475 N2 - Cyber-security protection of critical systems is one of the major challenges of today. Although the attacks typically originate from attackers with malicious intent, a substantial portion of attack vectors is enabled by unintentional perpetrators, i.e., insiders who cause an incident by negligence, carelessness, or lack of training. Prevention of these situations is challenging because insiders have better access to the organization's resources and hence, are more likely to cause harm. Moreover, the insider-mediated actions of an attack vector often come unrecognized by security admins as well as the insiders themselves.In this paper, we focus on the identification of the attack vector of unintentional perpetrators. To this end, we propose to employ specialized games that simulate the working period, while the player faces multiple dangers that might cause harm in their company. From the analysis of their actions, we discover the attack vector, which could be addressed before an actual attack happens. To reflect a variety of insiders and company environments, we introduce a platform for designing variants of these games, together with its architecture, an example of a simple game that can be created using the platform, and the used analysis method. ER -
MACÁK, Martin, Agáta KRUŽÍKOVÁ, Lukáš DAUBNER and Barbora BÜHNOVÁ. Simulation Games Platform for Unintentional Perpetrator Attack Vector Identification. Online. In \textit{ICSEW'20: Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops}. New York, NY, USA: Association for Computing Machinery, 2020, p.~222-229. ISBN~978-1-4503-7963-2. Available from: https://dx.doi.org/10.1145/3387940.3391475.
|