Probabilistic Analysis In Cyber Security: How To Determine The Likelihood Of Events

Deterministic Analysis and Probabilistic Analysis In Cybersecurity

Statistical techniques can be used to evaluate the risk that exploits will be successful in a given network. This type of analysis can help decision-makers to better evaluate the cost of mitigating a threat with the damage that an exploit could cause.
Two general approaches used to do this are deterministic and probabilistic analysis.
The deterministic analysis evaluates risk based on what is known about a vulnerability.
It assumes that for an exploit to be successful all prior steps in the exploit process must also be successful.
This type of risk analysis can only describe the worst case. However, many threat actors, although aware of the process to carry out an exploit, may lack the knowledge or expertise to successfully complete each step on the path to a successful exploit.
This can give the cybersecurity analyst an opportunity to detect the exploit and stop it before it proceeds any further.
The probabilistic analysis estimates the potential success of an exploit by estimating the likelihood that if one step in an exploit has successfully been completed that the next step will also be successful.
Probabilistic analysis is especially useful in real-time network security analysis in which numerous variables are at play and a given threat actor can make unknown decisions as an exploit is pursued.

 

The probabilistic analysis relies on statistical techniques that are designed to estimate the probability that an event will occur based on the likelihood that prior events will occur.
Using this type of analysis, the most likely paths that an exploit will take can be estimated and the attention of security personnel can be focused on preventing or detecting the most likely exploit.
In a deterministic analysis, all of the information to accomplish an exploit is assumed to be known. The characteristics of the exploit, such as the use of specific port numbers, are known either from other instances of the exploit or because standardized ports are in use.
In probabilistic analysis, it is assumed that the port numbers that will be used can only be predicted with some degree of confidence.
In this situation, an exploit that uses dynamic port numbers, for example, cannot be analyzed deterministically. Such exploits have been optimized to avoid detection by firewalls that use static rules.

 

PEOPLE ALSO READ:  Understanding AAA Operation In Cyber Security

The two approaches are summarized below.

  • Deterministic Analysis – For an exploit to be successful, all prior steps in the exploit must also be successful. The cybersecurity analyst knows the steps for a successful exploit.
  • Probabilistic Analysis – Statistical techniques are used to determine the probability that a successful exploit will occur based on the likelihood that each step in the exploit will succeed.

 

Do you enjoy this article, add Our Posts to your Reading List.

To Get Email Updates when we post new contents, Click Here.

Loading

Related Posts

The Omnipresence Of God. RCCG Sunday School Manual.The Omnipresence Of God. RCCG Sunday School Manual.
The Omnipresence Of God. RCCG Sunday School...
TOPIC: The Omnipresence Of God
PEOPLE ALSO READ:  How To Establish Incident Response Capability
MEMORY VERSE: “Neither is there any creature...
Read more
Customer Lifetime Value In CRMCustomer Lifetime Value In CRM
Customer Lifetime Value In CRM: How To...
Analysing Customer Lifetime Value In CRM     Customer Lifetime Value (CLV) is...
Read more
3 Blogging Strategy For New Bloggers3 Blogging Strategy For New Bloggers
3 Blogging Strategy For New Bloggers
If you already have an online business or a website,...
Read more
Google search consoleGoogle search console
Google Search Console For SEO: Why It...
  Anyone with a website! From generalist to specialist, from newbie...
Read more
How Projects Can Enable Business Value CreationHow Projects Can Enable Business Value Creation
Enabling Business Value Creation: The Role Of...
  Project Management Institute defines business value as the net quantifiable...
Read more
MFM 70 Days Fasting And PrayersMFM 70 Days Fasting And Prayers
Day 52: 2021 MFM 70 Days Fasting...
  MFM 2023 70 Days Devotional Songs Praise and Worship Prayers of Praise...
Read more
2022 MFM 70 Days Fasting And Prayer2022 MFM 70 Days Fasting And Prayer
Day 67: 2022 MFM 70 Days Fasting...
  MFM 70 Days Devotional songs (pages 4-10) Praise and Worship Prayers of...
Read more
Projects Can Drive Organisational ChangeProjects Can Drive Organisational Change
Video: How Projects Can Drive Organisational Change
  This article discusses some of the ways that projects can...
Read more
CRMNuggets Whatsapp Channel
telegram
truehost
About Adeniyi Salau 1569 Articles
Adeniyi Salau is a highly dedicated and committed Blogger of repute. He likes sharing his IT knowledge with others. My desire is to impact as many lives as possible with my IT skills. You can download my mobile APP. Download the ICTLOAD APP on Google Playstore. Thanks.

Be the first to comment

Leave a Reply

Your email address will not be published.


*