Printed from https://ideas.repec.org/a/wly/intnem/v26y2016i6p553-578.html

Security novel risk assessment framework based on reversible metrics: a case study of DDoS attacks on an E‐commerce web server

Author

Listed:
  • Kamel Karoui

Abstract

Network security management is a complex and costly task. This is due to the diversity and the large number of assets to protect from potential threats. It is difficult for enterprises to ensure complete security of their information technology resources. They need to give priority to critical and vulnerable assets. Thus, for each asset, they assess the risks associated with various threats. Then, depending on risk level, they can decide which asset needs a particular security treatment. In this paper, we propose a novel risk assessment framework based on a set of reversible metrics. It is based on new metrics for the likelihood and impact parameters. These metrics have as a primary objective to solve the problem of weighting the risk factors that lead to different risk values. The proposed metrics are classified and aggregated to provide a unique risk metric. We are using a new bitwise method for aggregating called ‘bit alternation’. This method ensures the reversibility of the likelihood and impact metrics. It has many advantages: unifying metrics, diagnosing the cause of high risks, comparing the values of the risk calculated with different weighting strategies, exchanging standard risk values, etc. To illustrate our method, we have applied it to assess risks of some distributed denial of service attacks for an e‐commerce enterprise that wants to see the level of security of its retail web server. To demonstrate the effectiveness of our results, we have compared them with those obtained by the weighted average method. Copyright © 2016 John Wiley & Sons, Ltd.

Suggested Citation

  • Kamel Karoui, 2016. "Security novel risk assessment framework based on reversible metrics: a case study of DDoS attacks on an E‐commerce web server," International Journal of Network Management, John Wiley & Sons, vol. 26(6), pages 553-578, November.
  • Handle: RePEc:wly:intnem:v:26:y:2016:i:6:p:553-578
    DOI: 10.1002/nem.1956

    Download full text from publisher

    File URL: https://doi.org/10.1002/nem.1956
    Download Restriction: no


    References listed on IDEAS

    1. Aven, Terje, 2008. "A semi-quantitative approach to risk analysis, as an alternative to QRAs," Reliability Engineering and System Safety, Elsevier, vol. 93(6), pages 790-797.
    2. Hallikas, Jukka & Virolainen, Veli-Matti & Tuominen, Markku, 2002. "Risk analysis and assessment in network environments: A dyadic case study," International Journal of Production Economics, Elsevier, vol. 78(1), pages 45-55, July.

    Citations



    Cited by:

    1. Hongbo Li & Zhenzhen Wang & Zhijie Yuan & Xin Yan, 2023. "Multidimensional Evaluation of Consumers’ Shopping Risks under Live-Streaming Commerce," Sustainability, MDPI, vol. 15(19), pages 1-14, September.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Neelke Doorn, 2015. "The Blind Spot in Risk Ethics: Managing Natural Hazards," Risk Analysis, John Wiley & Sons, vol. 35(3), pages 354-360, March.
    2. Sefer Burak Kacar & Bülent Sezen & Hakan Kitapçi, 2018. "An Empirical Examination of Supply Chain Sustainability in Turkish Automotive Sector: Using the PLS-SEM Approach," International Business Research, Canadian Center of Science and Education, vol. 11(1), pages 44-58, January.
    3. Guertler, Benjamin & Spinler, Stefan, 2015. "When does operational risk cause supply chain enterprises to tip? A simulation of intra-organizational dynamics," Omega, Elsevier, vol. 57(PA), pages 54-69.
    4. Roshanak Nateghi & Seth D. Guikema & Yue (Grace) Wu & C. Bayan Bruss, 2016. "Critical Assessment of the Foundations of Power Transmission and Distribution Reliability Metrics and Standards," Risk Analysis, John Wiley & Sons, vol. 36(1), pages 4-15, January.
    5. Tan, Samson & Moinuddin, Khalid, 2019. "Systematic review of human and organizational risks for probabilistic risk analysis in high-rise buildings," Reliability Engineering and System Safety, Elsevier, vol. 188(C), pages 233-250.
    6. Berner, Christine Louise & Flage, Roger, 2017. "Creating risk management strategies based on uncertain assumptions and aspects from assumption-based planning," Reliability Engineering and System Safety, Elsevier, vol. 167(C), pages 10-19.
    7. Madhukar Chhimwal & Saurabh Agrawal & Girish Kumar, 2021. "Measuring Circular Supply Chain Risk: A Bayesian Network Methodology," Sustainability, MDPI, vol. 13(15), pages 1-22, July.
    8. Askeland, Tore & Flage, Roger & Aven, Terje, 2017. "Moving beyond probabilities – Strength of knowledge characterisations applied to security," Reliability Engineering and System Safety, Elsevier, vol. 159(C), pages 196-205.
    9. Johansson, Jonas & Hassel, Henrik & Zio, Enrico, 2013. "Reliability and vulnerability analyses of critical infrastructures: Comparing two approaches in the context of power systems," Reliability Engineering and System Safety, Elsevier, vol. 120(C), pages 27-38.
    10. Shortridge, Julie & Aven, Terje & Guikema, Seth, 2017. "Risk assessment under deep uncertainty: A methodological comparison," Reliability Engineering and System Safety, Elsevier, vol. 159(C), pages 12-23.
    11. Khan, Bushra & Khan, Faisal & Veitch, Brian & Yang, Ming, 2018. "An operational risk analysis tool to analyze marine transportation in Arctic waters," Reliability Engineering and System Safety, Elsevier, vol. 169(C), pages 485-502.
    12. Aven, Terje, 2016. "Supplementing quantitative risk assessments with a stage addressing the risk understanding of the decision maker," Reliability Engineering and System Safety, Elsevier, vol. 152(C), pages 51-57.
    13. Ahmad Jafarnejad & Mehran Ebrahimi & Mohammad Ali Abbaszadeh & Seyed Mehdi Abtahi, 2014. "Risk Management in Supply Chain using Consistent Fuzzy Preference Relations," International Journal of Academic Research in Business and Social Sciences, Human Resource Management Academic Research Society, International Journal of Academic Research in Business and Social Sciences, vol. 4(1), pages 77-89, January.
    14. E B Abrahamsen & T Aven & R S Iversen, 2010. "Integrated framework for safety management and uncertainty management," Journal of Risk and Reliability, , vol. 224(2), pages 97-103, June.
    15. M. Ali Ülkü & Melek Akgün & Uday Venkatadri & Claver Diallo & Simranjeet S. Chadha, 2020. "Managing Environmental and Operational Risks for Sustainable Cotton Production Logistics: System Dynamics Modelling for a Textile Company," Logistics, MDPI, vol. 4(4), pages 1-20, December.
    16. Berner, Christine Louise & Flage, Roger, 2016. "Comparing and integrating the NUSAP notational scheme with an uncertainty based risk perspective," Reliability Engineering and System Safety, Elsevier, vol. 156(C), pages 185-194.
    17. Guikema, Seth D. & Aven, Terje, 2010. "Assessing risk from intelligent attacks: A perspective on approaches," Reliability Engineering and System Safety, Elsevier, vol. 95(5), pages 478-483.
    18. Selvik, J.T. & Aven, T., 2011. "A framework for reliability and risk centered maintenance," Reliability Engineering and System Safety, Elsevier, vol. 96(2), pages 324-331.
    19. Fan, Huan & Li, Gang & Sun, Hongyi & Cheng, T.C.E., 2017. "An information processing perspective on supply chain risk management: Antecedents, mechanism, and consequences," International Journal of Production Economics, Elsevier, vol. 185(C), pages 63-75.
    20. da Cunha, Richard Alex & Rangel, Luís Alberto Duncan & Rudolf, Christian A. & Santos, Luiza dos, 2022. "A decision support approach employing the PROMETHEE method and risk factors for critical supply assessment in large-scale projects," Operations Research Perspectives, Elsevier, vol. 9(C).
