|
1 Intentional Risk and Cyber-Security: A Motivating Introduction |
|
|
1 | (8) |
|
1.1 Cyber-Attacks and Cyber-Security |
|
|
1 | (3) |
|
1.2 A Mathematical Model for Managing Intentional Cyber-Risk |
|
|
4 | (2) |
|
1.3 Incorporating Game Theory to Complex Networks |
|
|
6 | (1) |
|
1.4 Static Risk, Dynamic Risk and New Algorithm Optimizations |
|
|
7 | (2) |
|
2 Mathematical Foundations: Complex Networks and Graphs (A Review) |
|
|
9 | (28) |
|
|
|
9 | (3) |
|
2.1.1 Complex Systems and Complex Networks |
|
|
9 | (1) |
|
2.1.2 Holism vs Reductionism |
|
|
10 | (1) |
|
2.1.3 Complex Networks and Intentional Risk |
|
|
11 | (1) |
|
2.2 Basic Concepts on Graphs and Networks |
|
|
12 | (15) |
|
|
|
12 | (2) |
|
|
|
14 | (1) |
|
2.2.3 Matrices, Degrees, Link Density and Some Interesting Graph Families |
|
|
14 | (2) |
|
2.2.4 Directed and Weighted Networks |
|
|
16 | (2) |
|
2.2.5 Metric Structure, Connectedness, Geodesics and Some Other Concepts |
|
|
18 | (1) |
|
2.2.6 Characteristic Path Length, Efficiency and Vulnerability of a Network |
|
|
19 | (1) |
|
2.2.7 Clustering Coefficient |
|
|
20 | (1) |
|
2.2.8 Finding Out the Critical and the Most Influential Nodes: Eigenvector Centrality |
|
|
21 | (3) |
|
2.2.9 Information Flow Management: Betweenness Centrality |
|
|
24 | (2) |
|
2.2.10 Degree Distributions |
|
|
26 | (1) |
|
2.3 Some Interesting Complex Networks Models |
|
|
27 | (4) |
|
|
|
27 | (1) |
|
|
|
28 | (1) |
|
2.3.3 Scale-Free Networks |
|
|
29 | (2) |
|
2.4 New Approaches and Developments of Interest for Our Model |
|
|
31 | (6) |
|
2.4.1 When Edges are More Important than Nodes: Line Graph and Related Concepts |
|
|
31 | (4) |
|
2.4.2 Multilayer Networks |
|
|
35 | (2) |
|
|
|
37 | (16) |
|
3.1 An Introduction to Random Walkers |
|
|
38 | (5) |
|
3.2 Different Mathematical Models of Random Walkers |
|
|
43 | (5) |
|
3.3 Applications to Intentional Risk Analysis |
|
|
48 | (5) |
|
3.3.1 Accessibility and PageRank |
|
|
48 | (1) |
|
3.3.2 Dynamic Risk, Random Walkers and Multiplex Networks |
|
|
49 | (4) |
|
4 The Role of Accessibility in the Static and Dynamic Risk Computation |
|
|
53 | (12) |
|
4.1 Introduction: Edge's Accessibility and PageRank |
|
|
53 | (2) |
|
4.2 Mathematical Formulation and Notation |
|
|
55 | (3) |
|
4.3 Edge's PageRank via Classic PageRank |
|
|
58 | (3) |
|
4.4 Edge's PageRank Through Line Graph |
|
|
61 | (1) |
|
4.5 Classic PageRank vs Line-Graph's PageRank |
|
|
62 | (3) |
|
5 Mathematical Model I: Static Intentional Risk |
|
|
65 | (34) |
|
5.1 Intentionality Complex Network for Static Risk |
|
|
65 | (3) |
|
5.2 Collapsed and Nodes and Edges Assignation Algorithms |
|
|
68 | (7) |
|
5.2.1 0-Collapsed Algorithm and Anonymity Assignation |
|
|
69 | (3) |
|
5.2.2 "Max-Path" Algorithm |
|
|
72 | (1) |
|
5.2.3 Value Assignment Algorithm |
|
|
73 | (1) |
|
5.2.4 Accessibility Assignment Algorithm |
|
|
74 | (1) |
|
5.3 Static Risk Networks Construction from the Data |
|
|
75 | (3) |
|
5.3.1 Intentionality Network of Users |
|
|
76 | (2) |
|
5.3.2 Intentionality Network of Administrators |
|
|
78 | (1) |
|
5.4 Static Risk Intentionality Network Construction Method: An Example |
|
|
78 | (18) |
|
5.4.1 Construction Scheme |
|
|
79 | (1) |
|
5.4.2 Description of the Method and an Example |
|
|
80 | (15) |
|
5.4.3 Assignment of Attributes in the Original Network |
|
|
95 | (1) |
|
5.5 Final Formula and Summary of Static Risk Model |
|
|
96 | (3) |
|
6 Mathematical Model II: Dynamic Intentional Risk |
|
|
99 | (4) |
|
6.1 Comparative Analysis: Static Risk vs Dynamic Risk |
|
|
99 | (2) |
|
6.1.1 Accessibility in the Context of Dynamic Risk |
|
|
100 | (1) |
|
|
|
101 | (2) |
|
7 Towards the Implementation of the Model |
|
|
103 | (18) |
|
|
|
103 | (5) |
|
7.1.1 IP Source and Destination Port |
|
|
103 | (1) |
|
7.1.2 IP Source (e.g. 192.168.1.105) → Destination Port (e.g. 192.168.1.250:23) |
|
|
103 | (1) |
|
7.1.3 Restricted and Unrestricted Access Levels |
|
|
104 | (2) |
|
7.1.4 Static and Dynamic Risk Access Levels |
|
|
106 | (1) |
|
7.1.5 Static Risk with Network Protocol Analyzer Sniffers |
|
|
106 | (1) |
|
7.1.6 Dynamic Risk with Network Vulnerability Scanners |
|
|
106 | (2) |
|
|
|
108 | (1) |
|
|
|
108 | (1) |
|
7.4 Development of the Proof of Concept Software |
|
|
108 | (2) |
|
7.4.1 Software Architecture |
|
|
109 | (1) |
|
|
|
110 | (11) |
|
|
|
112 | (1) |
|
|
|
112 | (1) |
|
7.5.3 Anonymity, Accessibility and Value |
|
|
112 | (1) |
|
7.5.4 Further Work for the PoC |
|
|
113 | (8) |
| References |
|
121 | |
