MACÁK, Martin, Agáta KRUŽÍKOVÁ, Lukáš DAUBNER and Barbora BÜHNOVÁ. Simulation Games Platform for Unintentional Perpetrator Attack Vector Identification. Online. In ICSEW'20: Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops. New York, NY, USA: Association for Computing Machinery, 2020, p. 222-229. ISBN 978-1-4503-7963-2. Available from: https://dx.doi.org/10.1145/3387940.3391475.
Other formats:   BibTeX LaTeX RIS
Basic information
Original name Simulation Games Platform for Unintentional Perpetrator Attack Vector Identification
Authors MACÁK, Martin (703 Slovakia, belonging to the institution), Agáta KRUŽÍKOVÁ (203 Czech Republic, belonging to the institution), Lukáš DAUBNER (203 Czech Republic, belonging to the institution) and Barbora BÜHNOVÁ (203 Czech Republic, belonging to the institution).
Edition New York, NY, USA, ICSEW'20: Proceedings of the IEEE/ACM 42nd International Conference on Software Engineering Workshops, p. 222-229, 8 pp. 2020.
Publisher Association for Computing Machinery
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 10201 Computer sciences, information science, bioinformatics
Country of publisher United States of America
Confidentiality degree is not subject to a state or trade secret
Publication form electronic version available online
WWW URL
RIV identification code RIV/00216224:14330/20:00115479
Organization unit Faculty of Informatics
ISBN 978-1-4503-7963-2
Doi http://dx.doi.org/10.1145/3387940.3391475
Keywords in English insider attack; game; process mining; security; unintentional perpetrator; attack vector
Tags International impact, Reviewed
Changed by Changed by: RNDr. Pavel Šmerk, Ph.D., učo 3880. Changed: 10/5/2021 05:40.
Abstract
Cyber-security protection of critical systems is one of the major challenges of today. Although the attacks typically originate from attackers with malicious intent, a substantial portion of attack vectors is enabled by unintentional perpetrators, i.e., insiders who cause an incident by negligence, carelessness, or lack of training. Prevention of these situations is challenging because insiders have better access to the organization's resources and hence, are more likely to cause harm. Moreover, the insider-mediated actions of an attack vector often come unrecognized by security admins as well as the insiders themselves.In this paper, we focus on the identification of the attack vector of unintentional perpetrators. To this end, we propose to employ specialized games that simulate the working period, while the player faces multiple dangers that might cause harm in their company. From the analysis of their actions, we discover the attack vector, which could be addressed before an actual attack happens. To reflect a variety of insiders and company environments, we introduce a platform for designing variants of these games, together with its architecture, an example of a simple game that can be created using the platform, and the used analysis method.
Links
CZ.02.1.01/0.0/0.0/16_019/0000822, interní kód MU
(CEP code: EF16_019/0000822)		Name: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur (Acronym: C4e)
Investor: Ministry of Education, Youth and Sports of the CR, CyberSecurity, CyberCrime and Critical Information Infrastructures Center of Excellence, Priority axis 1: Strengthening capacities for high-quality research
EF16_019/0000822, research and development projectName: Centrum excelence pro kyberkriminalitu, kyberbezpečnost a ochranu kritických informačních infrastruktur
MUNI/A/1411/2019, interní kód MUName: Aplikovaný výzkum: softwarové architektury kritických infrastruktur, bezpečnost počítačových systémů, zpracování přirozeného jazyka a jazykové inženýrství, vizualizaci velkých dat a rozšířená realita.
Investor: Masaryk University, Category A
PrintDisplayed: 23/7/2024 02:37