Evaluating the Security Risks of System Using Hidden Markov Models
AbstractSystem security assessment tools are either restricted to manual risk evaluation methodologies that are not appropriate for real-time application or used to determine the impact of certain events on the security status of networked systems. In this paper, we determine the strength of computer systems from the perspective of the authentication models employed at the user interface domain by introducing a novel approach to system
risk assessment. We first establish the risk of a system as the composition of the risks of individual authentication factors employed for user authentication processes, providing a more formally defined model. Using Hidden Markov Models (HMMs) we characterize the likelihood of transitions between security states of systems with different levels of
authentication factors and we provide soft evidence on the states of these systems by applying our security assessment tool to an existing multifactor authentication model. The results of the analysis and the empirical study provide insights into the authentication model design problem and establish a foundation for future research in system authentication application.