In: Lecture Notes in Computer Science : Computer Safety, Reliability, and Security, Volume 4166, 2006, pages 71-84. 2006. URL: http://dx.doi.org/10.1007/118755676.
Abstract: This article presents the effort to model the computer system security using Stochastic Activity Network (SAN). SAN is a flexible and highly adaptable branch of Stochastic Petri Nets and has a well-developed software tool, Möbius. A known model of incident process and the computer system is adapted and extended. The computer system characterised by the working state and defence mechanism strength is affected by an attack described by using stochastically distributed severity levels. The attempt to bind a stochastic attack severity level to intrusion data parameters collected by Intrusion Detection Systems is presented. The model-based computer system quantitative characteristics are analysed and survivability is chosen to evaluate the modelled computer system security. The article concludes with simulation results and future work guidelines.