Show simple item record

dc.contributor.advisorAwan, Irfan U.
dc.contributor.advisorPagna Disso, Jules F.
dc.contributor.authorMunir, Rashid*
dc.date.accessioned2017-12-18T15:42:12Z
dc.date.available2017-12-18T15:42:12Z
dc.date.issued2014
dc.identifier.urihttp://hdl.handle.net/10454/14251
dc.description.abstractCisco 2014 Annual Security Report clearly outlines the evolution of the threat landscape and the increase of the number of attacks. The UK government in 2012 recognised the cyber threat as Tier-1 threat since about 50 government departments have been either subjected to an attack or a direct threat from an attack. The cyberspace has become the platform of choice for businesses, schools, universities, colleges, hospitals and other sectors for business activities. One of the major problems identified by the Department of Homeland Security is the lack of clear security metrics. The recent cyber security breach of the US retail giant TARGET is a typical example that demonstrates the weaknesses of qualitative security, also considered by some security experts as fuzzy security. High, medium or low as measures of security levels do not give a quantitative representation of the network security level of a company. In this thesis, a method is developed to quantify the security risk level of known and unknown attacks in an enterprise network in an effort to solve this problem. The identified vulnerabilities in a case study of a UK based company are classified according to their severity risk levels using common vulnerability scoring system (CVSS) and open web application security project (OWASP). Probability theory is applied against known attacks to create the security metrics and, detection and prevention method is suggested for company network against unknown attacks. Our security metrics are clear and repeatable that can be verified scientificallyen_US
dc.language.isoenen_US
dc.rights<a rel="license" href="http://creativecommons.org/licenses/by-nc-nd/3.0/"><img alt="Creative Commons License" style="border-width:0" src="http://i.creativecommons.org/l/by-nc-nd/3.0/88x31.png" /></a><br />The University of Bradford theses are licenced under a <a rel="license" href="http://creativecommons.org/licenses/by-nc-nd/3.0/">Creative Commons Licence</a>.eng
dc.subjectEnterprise network security; Vulnerability analysis; Security assessment; Risk; Threat detection; Common Vulnerability Scoring System (CVSS)en_US
dc.titleA Quantitative Security Assessment of Modern Cyber Attacks. A Framework for Quantifying Enterprise Security Risk Level Through System's Vulnerability Analysis by Detecting Known and Unknown Threatsen_US
dc.type.qualificationleveldoctoralen_US
dc.publisher.institutionUniversity of Bradfordeng
dc.publisher.departmentFaculty of Engineering and Informaticsen_US
dc.typeThesiseng
dc.type.qualificationnamePhDen_US
dc.date.awarded2014
refterms.dateFOA2018-07-29T02:58:58Z


Item file(s)

Thumbnail
Name:
PhD Thesis.pdf
Size:
2.649Mb
Format:
PDF
Description:
PhD Thesis

This item appears in the following Collection(s)

Show simple item record