Matching information security vulnerabilities to organizational security profiles: a genetic algorithm approach
Author
Mukul Gupta, Jackie Rees, Alok Chaturvedi, Jie Chi
Tech report number
CERIAS TR 2005-119
Abstract
Organizations are making substantial investments in information security to reduce the risk presented by vulnerabilities in their information technology (IT) infrastructure. However, each security technology only addresses specific vulnerabilities and potentially creates additional vulnerabilities. The objective of this research is to present and evaluate a Genetic Algorithm (GA)-based approach enabling organizations to choose the minimal-cost security profile providing the maximal vulnerability coverage. This approach is compared to an enumerative approach for a given test set. The GA-based approach provides favorable results, eventually leading to improved tools for supporting information security investment decisions.
School
Purdue University and University of Connecticut
Publication Date
2005-01-01
Copyright
2004 Elsevier B.V.
Keywords
Information security; Genetic algorithms