Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach
Author
Mukul Gupta, Jackie Rees, Alok Chaturvedi, Jie Chi
Tech report number
CERIAS TR 2005-119
Entry type
article
Abstract
Organizations are making substantial investments in information security to reduce the risk presented by vulnerabilities in
their information technology (IT) infrastructure. However, each security technology only addresses specific vulnerabilities and
potentially creates additional vulnerabilities. The objective of this research is to present and evaluate a Genetic Algorithm (GA)-based
approach enabling organizations to choose the minimal-cost security profile providing the maximal vulnerability
coverage. This approach is compared to an enumerative approach for a given test set. The GA-based approach provides
favorable results, eventually leading to improved tools for supporting information security investment decisions.
Date
2005
Key alpha
Information security; Genetic algorithms
Publisher
Elsevier B.V.
School
Purdue University and University of Connecticut
Publication Date
2005-01-01
Copyright
2004 Elsevier B.V.
Keywords
Information security; Genetic algorithms

