
Security novel risk assessment framework based on reversible metrics: a case study of DDoS attacks on an E‐commerce web server

Author

  • Kamel Karoui

Abstract

Network security management is a complex and costly task. This is due to the diversity and the large number of assets to protect from potential threats. It is difficult for enterprises to ensure complete security of their information technology resources. They need to give priority to critical and vulnerable assets. Thus, for each asset, they assess the risks associated with various threats. Then, depending on risk level, they can decide which asset needs a particular security treatment. In this paper, we propose a novel risk assessment framework based on a set of reversible metrics. It is based on new metrics for the likelihood and impact parameters. These metrics have as a primary objective to solve the problem of weighting the risk factors that lead to different risk values. The proposed metrics are classified and aggregated to provide a unique risk metric. We are using a new bitwise method for aggregating called ‘bit alternation’. This method ensures the reversibility of the likelihood and impact metrics. It has many advantages: unifying metrics, diagnosing the cause of high risks, comparing the values of the risk calculated with different weighting strategies, exchanging standard risk values, etc. To illustrate our method, we have applied it to assess risks of some distributed denial of service attacks for an e‐commerce enterprise that wants to see the level of security of its retail web server. To demonstrate the effectiveness of our results, we have compared them with those obtained by the weighted average method. Copyright © 2016 John Wiley & Sons, Ltd.

Suggested Citation

  • Kamel Karoui, 2016. "Security novel risk assessment framework based on reversible metrics: a case study of DDoS attacks on an E‐commerce web server," International Journal of Network Management, John Wiley & Sons, vol. 26(6), pages 553-578, November.
  • Handle: RePEc:wly:intnem:v:26:y:2016:i:6:p:553-578
    DOI: 10.1002/nem.1956

    Download full text from publisher

    File URL: https://doi.org/10.1002/nem.1956
    Download Restriction: no



    Citations

    Cited by:

    1. Hongbo Li & Zhenzhen Wang & Zhijie Yuan & Xin Yan, 2023. "Multidimensional Evaluation of Consumers’ Shopping Risks under Live-Streaming Commerce," Sustainability, MDPI, vol. 15(19), pages 1-14, September.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Neelke Doorn, 2015. "The Blind Spot in Risk Ethics: Managing Natural Hazards," Risk Analysis, John Wiley & Sons, vol. 35(3), pages 354-360, March.
    2. Sefer Burak Kacar & Bülent Sezen & Hakan Kitapçi, 2018. "An Empirical Examination of Supply Chain Sustainability in Turkish Automotive Sector: Using the PLS-SEM Approach," International Business Research, Canadian Center of Science and Education, vol. 11(1), pages 44-58, January.
    3. Roshanak Nateghi & Seth D. Guikema & Yue (Grace) Wu & C. Bayan Bruss, 2016. "Critical Assessment of the Foundations of Power Transmission and Distribution Reliability Metrics and Standards," Risk Analysis, John Wiley & Sons, vol. 36(1), pages 4-15, January.
    4. E B Abrahamsen & T Aven & R S Iversen, 2010. "Integrated framework for safety management and uncertainty management," Journal of Risk and Reliability, vol. 224(2), pages 97-103, June.
    5. M. Ali Ülkü & Melek Akgün & Uday Venkatadri & Claver Diallo & Simranjeet S. Chadha, 2020. "Managing Environmental and Operational Risks for Sustainable Cotton Production Logistics: System Dynamics Modelling for a Textile Company," Logistics, MDPI, vol. 4(4), pages 1-20, December.
    6. Berner, Christine Louise & Flage, Roger, 2016. "Comparing and integrating the NUSAP notational scheme with an uncertainty based risk perspective," Reliability Engineering and System Safety, Elsevier, vol. 156(C), pages 185-194.
    7. Kengpol, Athakorn & Meethom, Warapoj & Tuominen, Markku, 2012. "The development of a decision support system in multimodal transportation routing within Greater Mekong sub-region countries," International Journal of Production Economics, Elsevier, vol. 140(2), pages 691-701.
    8. Julie Shortridge & Janey Smith Camp, 2019. "Addressing Climate Change as an Emerging Risk to Infrastructure Systems," Risk Analysis, John Wiley & Sons, vol. 39(5), pages 959-967, May.
    9. Beyza, Jesus & Gil, Pablo & Masera, Marcelo & Yusta, Jose M., 2020. "Security assessment of cross-border electricity interconnections," Reliability Engineering and System Safety, Elsevier, vol. 201(C).
    10. Amol Gore & Pekka Kess, 2014. "Treading the Risks in International Management," International Journal of Management, Knowledge and Learning, International School for Social and Business Studies, Celje, Slovenia, vol. 3(1), pages 125-141.
    11. Lo Nigro, Giovanna & Abbate, Lorenzo, 2011. "Risk assessment and profit sharing in business networks," International Journal of Production Economics, Elsevier, vol. 131(1), pages 234-241, May.
    12. Guertler, Benjamin & Spinler, Stefan, 2015. "Supply risk interrelationships and the derivation of key supply risk indicators," Technological Forecasting and Social Change, Elsevier, vol. 92(C), pages 224-236.
    13. Yutong Liu & Jian Du & Taewon Kang & Mingu Kang, 2024. "Establishing supply chain transparency and its impact on supply chain risk management and resilience," Operations Management Research, Springer, vol. 17(3), pages 1157-1171, September.
    14. Aven, Terje & Zio, Enrico, 2011. "Some considerations on the treatment of uncertainties in risk assessment for practical decision making," Reliability Engineering and System Safety, Elsevier, vol. 96(1), pages 64-74.
    15. Simeu-Abazi, Zineb & Di Mascolo, Maria & Knotek, Michal, 2010. "Fault diagnosis for discrete event systems: Modelling and verification," Reliability Engineering and System Safety, Elsevier, vol. 95(4), pages 369-378.
    16. Roger Flage & Terje Aven & Enrico Zio & Piero Baraldi, 2014. "Concerns, Challenges, and Directions of Development for the Issue of Representing Uncertainty in Risk Assessment," Risk Analysis, John Wiley & Sons, vol. 34(7), pages 1196-1207, July.
    17. Eriksson, Kent & Jonsson, Sara & Lindbergh, Jessica & Lindstrand, Angelika, 2014. "Modeling firm specific internationalization risk: An application to banks’ risk assessment in lending to firms that do international business," International Business Review, Elsevier, vol. 23(6), pages 1074-1085.
    18. Guikema, S.D. & Aven, T., 2010. "Is ALARP applicable to the management of terrorist risks?," Reliability Engineering and System Safety, Elsevier, vol. 95(8), pages 823-827.
    19. Zio, Enrico & Aven, Terje, 2011. "Uncertainties in smart grids behavior and modeling: What are the risks and vulnerabilities? How to analyze them?," Energy Policy, Elsevier, vol. 39(10), pages 6308-6320, October.
    20. Hallikas, Jukka & Karvonen, Iris & Pulkkinen, Urho & Virolainen, Veli-Matti & Tuominen, Markku, 2004. "Risk management processes in supplier networks," International Journal of Production Economics, Elsevier, vol. 90(1), pages 47-58, July.
