Evaluating damage from cyber attacks: A model and analysis

Accurate recovery from a cyber attack depends on fast and perfect damage as sessment. For damage assessment, traditional recovery methods require that the log of an affected database must be scanned starting from the attacking transaction until the end. This is a time- consuming task. Our objective i n this research is to provide techniques that can be used to accelerate dam age appraisal process and produce correct result. In this paper, we have pr esented a damage assessment model and four data structures associated with the model. Each of these structures uses dependency relationships among tra nsactions, which update the database. These relationships are later used to determine exactly which transactions and exactly which data items are affe cted by the attacker. A performance comparison analysis obtained using simu lation is provided to demonstrate the benefit of our model.