Dynamical Calculation of Security Metrics for Countermeasure Selection in Computer Networks

Kotenko, Igor; Doynikova, Elena

doi:10.1109/pdp.2016.96

Cited by 27 publications

(25 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To date, more than 100 000 vulnerabilities for more than 60 000 hardware and software products have been found. Vulnerability databases, as databases of a particular type of security data, are used in vulnerability scanners [29], Web application firewalls [32], and also applied in conjunction with other security information to evaluate network infrastructure security by attack modeling [1,18,19] and risk assessment [9,21].…”

Section: Security Sources and Related Workmentioning

confidence: 99%

An Ontology-based Storage of Security Information

Kotenko

Fedorchenko

Doynikova

et al. 2018

ITC

Self Cite

View full text Add to dashboard Cite

The paper suggests an ontology-based approach for design of security data storage. It analyzes heterogeneous security information for construction of the security storage and the statistics of links between various security data sources. The suggested ontological model of the data storage allows connecting both heterogeneous security data and security data of the same type from various sources. The main features the ontological model, its key elements and links between them are described in details. In addition, the authors introduce the developed prototype of the ontological data storage and provide examples of its usage for security evaluation.

show abstract

Section: Security Sources and Related Workmentioning

confidence: 99%

An Ontology-based Storage of Security Information

Kotenko

Fedorchenko

Doynikova

et al. 2018

ITC

Self Cite

View full text Add to dashboard Cite

show abstract

“…The dynamic countermeasure selection technique was presented earlier by Kotenko and Doynikova. 6 This paper discloses the steps of the technique in detail. The common approach, applied metrics, and techniques are outlined in the next section.…”

Section: Related Workmentioning

confidence: 99%

“…New elements of the suggested solutions that were not presented earlier are as follows: modified integrated security metrics taxonomy; dynamic model of the metrics calculation, definition of security level and selection of countermeasures. The paper is an extended version of the paper presented at the 24th Euromicro International Conference on Parallel, Distributed and Network-Based Processing (PDP'16) 6 : we extended the review of the related works; we added a detailed description of the suggested techniques for the metrics calculation and of the models that are used for these calculations; we clarified the technique of the countermeasure selection; and we extended the description of the developed security assessment and countermeasure selection system and of the experiments.…”

Section: Introductionmentioning

confidence: 99%

Selection of countermeasures against network attacks based on dynamical calculation of security metrics

Kotenko

Doynikova

2017

Journal of Defense Modeling & Simulation

Self Cite

View full text Add to dashboard Cite

This paper considers the issue of countermeasure selection for ongoing computer network attacks. We outline several challenges that should be overcome for the efficient response: the uncertainty of an attacker behavior, the complexity of interconnections between the resources of the modern distributed systems, the huge set of security data, time limitations, and balancing between countermeasure costs and attack losses. Although there are many works that are focused on the particular challenges, we suppose that there is still a need for an integrated solution that takes into account all of these issues. We suggest a model-driven approach to the security assessment and countermeasure selection in the computer networks that takes into account characteristics of different objects of assessment. The approach is based on integration with security information and event management systems to consider the dynamics of attack development, taking into account security event processing. Open standards and databases are used to automate security data processing. The suggested technique for countermeasure selection is based on the countermeasure model that was defined on the basis of open standards, the family of interrelated security metrics, and the security analysis technique based on attack graphs and service dependencies. We describe the prototype of the developed system and validate it on several case studies.

show abstract

“…Some research works has been conducted in the assessment of security measures. Kotenko et al [12,13], e.g., propose a framework for cyber attack modeling and impact assessment based on attack graph generation, real-time event analysis techniques, prognosis of future malefactor steps, attack impact assessment, and anytime approach for attack graph building and analysis. We differ from these research as we do not propose new algorithms or methods of attack graph construction, instead, we propose a novel framework that processes input data to generate response plans for pre-defined threat scenarios.…”

Section: Related Workmentioning

confidence: 99%

Towards an Automated and Dynamic Risk Management Response System

et al. 2016

View full text Add to dashboard Cite

Abstract. Achieving a fully automated and dynamic system in critical infrastructure scenarios is an open issue in ongoing research. Generally, decisions in SCADA systems require a manual intervention, that in most of the cases is performed by highly experienced operators. In this paper we propose a framework consisting of a proactive management software that aims at anticipating the occurrence of potential attacks. It conducts an initial evaluation of reported proactive evidences based on a quantitative metric of monetary return on response investment. The framework evaluates and selects mitigation actions from a pool of candidates, by ranking them in terms of financial and operational impacts. The purpose of this process is to select an optimal set of mitigation actions from financial and operational perspectives and propose them to reduce the risk of threats against the monitored system, without sacrificing an organization's missions in favor of security. A real world case study of a SCADA environment shows the applicability of the model, from the analysis of the input data to the selection of the response plan.

show abstract

Dynamical Calculation of Security Metrics for Countermeasure Selection in Computer Networks

Cited by 27 publications

References 18 publications

An Ontology-based Storage of Security Information

An Ontology-based Storage of Security Information

Selection of countermeasures against network attacks based on dynamical calculation of security metrics

Towards an Automated and Dynamic Risk Management Response System

Contact Info

Product

Resources

About