Common Framework for Attack Modeling and Security Evaluation in SIEM Systems

@article{Kotenko2012CommonFF,
  title={Common Framework for Attack Modeling and Security Evaluation in SIEM Systems},
  author={Igor V. Kotenko and Andrey Chechulin},
  journal={2012 IEEE International Conference on Green Computing and Communications},
  year={2012},
  pages={94-101}
}
  • I. Kotenko, A. Chechulin
  • Published 20 November 2012
  • Computer Science
  • 2012 IEEE International Conference on Green Computing and Communications
The paper suggests a framework for attack modeling and security evaluation in Security Information and Event Management (SIEM) systems. It is supposed that the common approach to attack modeling and security evaluation is based on modeling of a malefactor's behavior, generating a common attack graph, calculating different security metrics and providing risk analysis procedures. Key elements of suggested architectural solutions for attack modeling and security evaluation are using a…
Computer attack modeling and security evaluation based on attack graphs
  • I. Kotenko, A. Chechulin
  • Computer Science
  • 2013 IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS)
  • 2013
The paper considers an approach to computer attack modeling and security evaluation which is suggested to realize in advanced Security Information and Event Management (SIEM) systems. It is based on
Fast Network Attack Modeling and Security Evaluation based on Attack Graphs
TLDR
An approach to network attack modeling and security evaluation which is realized in advanced Security Information and Event Management (SIEM) systems is suggested, based on modeling of computer network and malefactors’ behaviors and the use of special algorithms for construction, modification and analysis of attack graphs aimed at rapid security evaluation.
A Cyber Attack Modeling and Impact Assessment framework
TLDR
The architecture of the Cyber Attack Modeling and Impact Assessment Component (CAMIAC) is proposed, the prototype of the component, the results of experiments carried out, and comparative analysis of the techniques used are presented.
Evaluation of Computer Network Security based on Attack Graphs and Security Event Processing
TLDR
An approach to the security assessment based on the attack graphs that can be implemented in contemporary Security Information and Event Management (SIEM) systems is suggested.
Security metrics for risk assessment of distributed information systems
  • I. Kotenko, E. Doynikova
  • Computer Science
  • 2013 IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS)
  • 2013
TLDR
The paper considers the main issues and recommendations for using the risk assessment techniques based on the analysis of static, dynamic and historical security information, and proposed techniques, based on attack graphs and service dependencies, allow evaluating security of network topologies, malefactors and attack characteristics.
Selection of countermeasures against network attacks based on dynamical calculation of security metrics
TLDR
A model-driven approach to the security assessment and countermeasure selection in the computer networks that takes into account characteristics of different objects of assessment is suggested and the prototype of the developed system is described and validated on several case studies.
COMPREHENSIVE MULTILEVEL SECURITY RISK ASSESSMENT OF DISTRIBUTED INFORMATION SYSTEMS
TLDR
The paper suggests a multilevel approach to risk assessment that is based on a system of security metrics and on techniques using attack graphs and service dependencies, which allow evaluating the security of network topologies, malefactors and attack characteristics.
Scalable attack modelling in support of security information and event management
TLDR
Network Vulnerability Analyser (NVA), a proof-of-concept implementation of an automated attack-graph-based tool, is presented to assist in the evaluation of network security by assessing whether a sequence of actions could lead to an attacker gaining access to critical network resources.
Integrated Repository of Security Information for Network Security Evaluation
TLDR
The structure of the integrated repository and the model of security information integration are proposed, the repository implementation is described and the results of experiments with the repository are analyzed.
A Simulation Based SIEM Framework to Attribute and Predict Attacks Candidate
We present a Security Information and Event Management (SIEM) framework to correlate, attribute and predict attacks against an ICT system. The output of the assessment of ICT risk, that exploits
References

Showing 10 of 48 references
Network Security Evaluation Based on Simulation of Malfactor's Behavior
The approach to computer network security analysis intended for using both at design and exploitation stages is suggested. This approach is based on simulation of malefactor’s behavior, generating
Attack Graph Based Evaluation of Network Security
TLDR
A new approach to security evaluation based on comprehensive simulation of malefactor's actions, construction of attack graphs and computation of different security metrics is suggested.
Security Analysis of Information Systems Taking into Account Social Engineering Attacks
TLDR
An attack trees based approach to security analysis of information systems based on software-technical and social engineering attacks is suggested and conceptions of legitimate users and control areas are defined.
Attack Modeling for Information Security and Survivability
Many engineering disciplines rely on engineering failure data to improve their designs. Unfortunately, this is not the case with information system engineers, who generally do not use
Computer-attack graph generation tool
TLDR
The status of the tool is presented and implementation issues are discussed, especially focusing on the data input needs and methods for eliminating redundant paths and nodes in the graph.
Modeling Modern Network Attacks and Countermeasures Using Attack Graphs
By accurately measuring risk for enterprise networks, attack graphs allow network defenders to understand the most critical threats and select the most effective countermeasures. This paper describes
Automated generation and analysis of attack graphs
TLDR
This paper presents an automated technique for generating and analyzing attack graphs, based on symbolic model checking algorithms, letting us construct attack graphs automatically and efficiently.
A Security Analysis Framework Powered by an Expert System
Today's IT systems are facing a major challenge in confronting the fast rate of emerging security threats. Although many security tools are being employed within organizations in order to standup to
Cost Evaluation for Intrusion Response Using Dependency Graphs
The cost evaluation for attacks and/or responses (further called security incidents) in an IT system is a challenging issue. The high rate of service dependencies increases this challenge as the
An Attack Graph-Based Probabilistic Security Metric
TLDR
This paper proposes an attack graph-based probabilistic metric for network security and studies its efficient computation, and defines and proposes heuristics to improve the efficiency of such computation.