Security risk analysis using Markov chain model

Dr. Leitold Ferenc

College of Dunaújváros

fleitold@mail.duf.hu

Nowadays the security problem of computer networks is bigger and bigger. There are attacks using manual and purpose-designed tools as well, but in the last few years there are special malware using automatic mechanism. Attackers often use the effects of malware. In some cases attackers intentionally launch a malware therefore attackers can remote control the (botnet) network of infected computers for later attacks.

Nowadays attacks on computer networks use the communication among computers and computer users as well.

For example they are the worms spreading using email messages, malware using botnet networks and attacks based on personal communication (social engineering). In this paper a new mathematical model for attacks using communication will be described. First the communication is among computers and on the other hand the communication among computer users as well. The described mathematical model is able to simulate the attacker possibilities. With the aid of this model the points of the network accessible by attackers can be identified. This model can help to establish the most dangerous points among accessible points, to identify critical communication channels and protocols, thus it is possible to find the weak points of a security system.