Hypergraph‐driven mitigation of cyberattacks

González-Granadillo, Gustavo; Doynikova, Elena; Kotenko, Igor; García-Alfaro, Joaquín

doi:10.1002/itl2.38

Cited by 3 publications

(3 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All the other previous works tackle simpler search problems by only focusing on a single mitigation class (Marsa-Maestre et al [21]), a one-to-one mapping from attack action classes to mitigation action classes (Sandor et al [28]) or a one-to-many mapping from the former to the latter (Lysenko et al [19], Huertas-Celdran et al [5], [20]). While Gonzales-Granadillo et al [12], Kanoun et al [16], Javornik et, al. [15], Yuan et al [36], and Vieira et al [33] make other original proposals, they either do not discuss their implementation or do not evaluate it through an experiment or simulation, making it difficult to assess their practical applicability.…”

Section: Related Workmentioning

confidence: 99%

Intelligent Decision Support for Cybersecurity Incident Response Teams: Autonomic Architecture and Mitigation Search

Correa

Robin

Mazo

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Critical infrastructures must be able to mitigate, at runtime, suspected ongoing cyberattacks that have eluded preventive security measures. To tackle this issue, we first propose an autonomic computing architecture for a Cyber-Security Incident Response Team Intelligent Decision Support System (CSIRT-IDSS) with a precise set of technologies for each of its components. We then zoom in on the component responsible for proposing to the CSIRT, automatically ranked sets of runtime actions to mitigate suspected ongoing cyber-attacks. We formalize its task as a Constraint Optimization Problem (COP). We then propose to implement it by a Constraint Object-Oriented Logic Program (COOLP) deployed as a containerized web service through the integration of three orthogonal extensions of Logic Programming (LP): Web Service Oriented LP (WSOLP) [34] Constraint LP (CLP) [10] and Object-Oriented LP (OOLP) [23]. This integration supports seamlessly reusing platform and task independent cybersecurity ontological knowledge to dynamically build a mitigation action search COP that is customized to an input suspected cyberattack action set. This customization then allows the COP, to be solved by a generic CLP engine efficiently enough to propose mitigation actions to the CSIRT team while they can still be effective. To validate this approach, we implemented a prototype called CARMAS (Cyber Attack Runtime Mitigation Action Search) and ran scalability tests on simulated attacks with various COP construction strategies.

show abstract

Section: Related Workmentioning

confidence: 99%

Intelligent Decision Support for Cybersecurity Incident Response Teams: Autonomic Architecture and Mitigation Search

Correa

Robin

Mazo

et al. 2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Li et al 59 in 2020 encountered countermeasures selection for multipath attacks formulated as an optimization problem and proved the problem to be NP‐hard. Gonzalez‐Granadillo et al 60 proposed a countermeasure selection using hypergraph, a concept defined in the author's previous work 61 …”

Section: Related Workmentioning

confidence: 99%

“…Gonzalez-Granadillo et al 60 proposed a countermeasure selection using hypergraph, a concept defined in the author's previous work. 61 Kotenko and Doynikova 62 outlined the uncertainty of attacker behavior and the complexity of interconnections between resources in modern distributed systems. The authors propose a model-driven approach to the security assessment and countermeasure selection that is based on integration with security information and event management systems, namely the open standards and databases.…”

Section: Decision Support In Cybersecuritymentioning

confidence: 99%

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Javorník

Husák

2022

Engineering Reports

View full text Add to dashboard Cite

We present an approach to decision support in cybersecurity with respect to cyber threats and stakeholders' requirements. We approach situations in which cybersecurity experts need to take actions to mitigate the risks, such as temporarily putting an IT system out of operation, but need to consult them with other stakeholders. We propose a decision support system that uses a mission decomposition model representing the organization's functional and security requirements on its IT infrastructure. Based on the cybersecurity state assessment, that is, discovery of vulnerabilities and attacker's position, the decision support system calculates the resilience metrics for each IT infrastructure's configuration, that is, how likely are they to not be disrupted. The calculation is enabled by two novel formal models, Privilege-Exploit Attack Graph and Bayesian Privilege Attack Graph, which reduce complex attack graphs into a comprehensible bipartite graph. Moreover, they illustrate the impact of exploiting the vulnerabilities and attackers gaining the privileges. The system recommends the most resilient mission configurations that are comprehensible to both cybersecurity experts and non-technical stakeholders, who may then choose which configuration to apply. Our approach is illustrated in a case study of a real-world medical information system.

show abstract