Belief and Plausibility Measures in Assessing Information Security Risks

Elena Volkova, Vladimir Gisin

Voprosy kiberbezopasnosti (2023)

Abstract
Purpose of the research: to develop methods for assessing information security risks under uncertainty, and to describe the mechanism of propagating belief and plausibility in the attack graph.

Research method: application of soft computing techniques, including the combination of Dempster-Shafer evidence theory, integration with respect to non-additive measures of belief and plausibility.

Research result: risk assessment methods and methods for assessing expected losses have been developed for the case when risk factors are characterized by high uncertainty and do not allow a sufficiently justified application of objective (probabilistic) assessment methods. The initial information is the upper and lower estimates of the probability of risk realization. Using the methods of the Dempster-Shafer evidence theory, belief and plausibility measures are built on the attack graph. An approach is described that allows building belief and plausibility measures in the space of attack scenarios based on probabilistic estimates of typical information security events. It is shown how the expected damage (severity) can be estimated by the expectation of damage with respect to these measures using the Choquet integral.

Scientific novelty: a method of propagating belief along the attack graph has been developed. The method is based on an original approach to evaluating logical combinations of evidence given on binary frames and represented by disjunctive normal forms.
Keywords
information security risks, plausibility measures
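
An added example (not from the paper or its authors) of the calculation the abstract describes: belief and plausibility over a space of attack scenarios, and the Choquet integral of damage with respect to each, giving lower and upper expected damage. The scenario names, damage values and mass assignment are constructed, and the mass function is given directly rather than derived by the paper's attack-graph propagation method.

```python
from fractions import Fraction as F

# Constructed frame of attack scenarios with damage per scenario (arbitrary units).
DAMAGE = {"none": 0, "phishing": 20, "ransomware": 100, "insider": 60}
FRAME = frozenset(DAMAGE)

# Constructed basic probability assignment: mass on a non-singleton set
# expresses evidence that cannot be split between its scenarios.
MASS = {
    frozenset({"none"}): F(5, 10),
    frozenset({"phishing"}): F(2, 10),
    frozenset({"phishing", "ransomware"}): F(1, 10),
    frozenset({"ransomware", "insider"}): F(1, 10),
    FRAME: F(1, 10),
}

def belief(mass, event):
    """Bel(A): total mass of focal sets contained in A."""
    return sum((m for b, m in mass.items() if b <= event), F(0))

def plausibility(mass, event):
    """Pl(A): total mass of focal sets that intersect A."""
    return sum((m for b, m in mass.items() if b & event), F(0))

def choquet(f, measure):
    """Choquet integral of a non-negative f w.r.t. a monotone set function."""
    order = sorted(f, key=f.get)          # scenarios by increasing damage
    total, prev = F(0), 0
    for i, x in enumerate(order):
        upper_set = frozenset(order[i:])  # scenarios with damage >= f[x]
        total += (f[x] - prev) * measure(upper_set)
        prev = f[x]
    return total

def expected_damage_bounds(mass, f):
    """Lower (belief) and upper (plausibility) expected damage."""
    lower = choquet(f, lambda a: belief(mass, a))
    upper = choquet(f, lambda a: plausibility(mass, a))
    return lower, upper

if __name__ == "__main__":
    lo, hi = expected_damage_bounds(MASS, DAMAGE)
    print(f"expected damage lies in [{float(lo)}, {float(hi)}]")
```

The gap between the two bounds comes entirely from the mass placed on non-singleton sets; if every focal set were a single scenario, both integrals would collapse to the ordinary probabilistic expectation.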