Date of Award:


Document Type:


Degree Name:

Master of Science (MS)


Computer Science

Committee Chair(s)

Robert F. Erbacher


Robert F. Erbacher


Chad Mano


Stephen W. Clyde


Systems and networks have been under attack from the time the Internet first came into existence. There is always some uncertainty associated with the impact of the new attacks. Compared to the problem of attack detection, analysis of attack impact has received very little attention. Generalize and forecasting the kind of attack that will hit systems in future is not possible. However, it is possible to predict the behavior of a new attack and, thereby, the impact of the attack. This thesis proposes a method for predicting the impact of a new attack on systems and networks as well as the severity of the impact of the new attack. The prediction is based on the assumption that a future attack will be similar to already existing attacks. The severity of the attack depends on a few specific system/network parameters identified in this thesis. The cumulative effect of an attack is a summation of the behavior of these identified parameters during the attack. The suggested method is based on simulating a selected number of existing attacks, collecting the results of the impact of these attacks, and using them along with attack graphs to automatically detect the impact of a new attack. A formula is proposed for calculating the impact severity percentage, which is calculated as a percentage value of the impact of the known attack. This value will help identify critical points that need special care to ensure the readiness of a network or system to withstand an attack.