Evaluation of Computer Network Security based on Attack Graphs and Security Event Processing

@article{Kotenko2014EvaluationOC,
  title={Evaluation of Computer Network Security based on Attack Graphs and Security Event Processing},
  author={Igor V. Kotenko and Elena Doynikova},
  journal={J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl.},
  year={2014},
  volume={5},
  pages={14-29}
}
  • I. Kotenko, E. Doynikova
  • Published 2014
  • Computer Science
  • J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl.
The paper is devoted to the security assessment problem. The authors suggest an approach to security assessment based on attack graphs that can be implemented in contemporary Security Information and Event Management (SIEM) systems. The key feature of the approach is the application of the developed system of security metrics, which is based on differentiating the input data used for metric calculation. Input data includes, among others, current events from the SIEM system. Proposed metrics…
Countermeasure Selection Based on the Attack and Service Dependency Graphs for Security Incident Management
TLDR: An approach to countermeasure selection that is based on the application of quantitative risk metrics, which takes into account events and information from security information and event management (SIEM) systems.
An Automated Graph Based Approach to Risk Assessment for Computer Networks with Mobile Components
TLDR: An automated approach to risk assessment for computer networks with mobile components is suggested, based on modeling attacks against the computer network as attack graphs and applying open databases of attack patterns and vulnerabilities.
Ontology Based APT Attack Behavior Analysis in Cloud Computing
TLDR: This paper proposes a method for detecting APT attacks based on an APT attack behavior ontology: the behavior of malicious code during its operation on the target system is captured, and inference rules defined over the ontology are used to infer malicious attack behavior so that the attack can be detected.
An Automated Security Analysis Framework and Implementation for Cloud
TLDR: This paper designed, implemented and tested a cloud security assessment tool in a real cloud platform named UniteCloud, and showed the practicality and feasibility of automating the deployment of all three MTD techniques on the real cloud infrastructure.
An Automated Security Analysis Framework and Implementation for MTD Techniques on Cloud
TLDR: This paper designed, implemented and tested a cloud security assessment tool in a real cloud platform named UniteCloud, and showed the practicality and feasibility of automating the deployment of all three MTD techniques on the real cloud infrastructure.
Assessment of Computer Network Resilience Under Impact of Cyber Attacks on the Basis of Stochastic Networks Conversion
TLDR: Experimental evaluation of the proposed method for analytical modeling of attacks, and of the developed methodology for assessing network resilience under cyber attacks, showed high adequacy of the obtained results and high efficiency of their calculation.
Effective Security Analysis for Combinations of MTD Techniques on Cloud Computing (Short Paper)
TLDR: This study conducts an in-depth analysis, based on realistic simulations in a cloud environment, of the security and reliability effects of three different MTD techniques: (i) Shuffle, (ii) Redundancy, and (iii) the combination of Shuffle and Redundancy.
[Figure: framework pipeline: Start; Information Collection / Cloud Scanning (Step 1); HARM Creation (Step 2); Security Analysis Engine (Step 3); MTD Deployment Step]
Cloud service providers offer their customers on-demand and cost-effective services, scalable computing, and network infrastructures. Enterprises migrate their services to the cloud to utilize…
Efficient Attack Countermeasure Selection Accounting for Recovery and Action Costs
TLDR: This work proposes an attack countermeasure selection approach based on cost impact analysis that takes into account the impacts of actions by both the attacker and the defender, and builds a countermeasure selection method that chooses the most cost-effective action based on its impact on expected losses and costs over a given time horizon.
A Meta Language for Threat Modeling and Attack Simulations
TLDR: The Meta Attack Language (MAL) is presented, which may be used to design domain-specific attack languages such as the aforementioned, and provides a formalism that allows the semi-automated generation as well as the efficient computation of very large attack graphs.

References (showing 1-10 of 34)
Security Assessment of Computer Networks Based on Attack Graphs and Security Events
TLDR: The paper suggests a security assessment technique based on attack graphs which can be implemented in contemporary SIEM systems; it relies on a security metrics taxonomy and on different techniques for calculating security metrics according to data about current events.
Common Framework for Attack Modeling and Security Evaluation in SIEM Systems
  • I. Kotenko, A. Chechulin
  • Computer Science
  • 2012 IEEE International Conference on Green Computing and Communications
  • 2012
TLDR: Key elements of the suggested architectural solutions for attack modeling and security evaluation are the use of a comprehensive security repository, effective attack graph (tree) generation techniques that take into account known and new attacks based on zero-day vulnerabilities, stochastic analytical modeling, and interactive decision support to choose preferred security solutions.
Security Metrics Based on Attack Graphs for the Olympic Games Scenario
TLDR: The paper considers a technique for calculating security metrics on the basis of attack graphs and service dependencies; it uses several assessment aspects or levels and allows customization according to different parameters of SIEM system operation.
A Novel Quantitative Approach For Measuring Network Security
TLDR: This paper proposes a novel security metric framework that identifies and objectively quantifies the most significant security risk factors, which include existing vulnerabilities, the historical vulnerability trend of remotely accessible services, prediction of potential vulnerabilities for any general network service and their estimated severity, and finally policy resistance to attack propagation within the network.
A Cyber Attack Modeling and Impact Assessment framework
TLDR: The architecture of the Cyber Attack Modeling and Impact Assessment Component (CAMIAC) is proposed, and the prototype of the component, the results of experiments carried out, and a comparative analysis of the techniques used are presented.
Characterizing and aggregating attack graph-based security metric
TLDR: This dissertation examines how attack graph-based security metrics behave in response to increased network vulnerabilities under heterogeneous network models and specifies an algorithm for network hardening given a limited budget.
Graph based Metrics for Intrusion Response Measures in Computer Networks
TLDR: A graph based approach for modelling the effects of both attacks against computer networks and response measures as reactions against the attacks, designed for a scalable granularity in representing properties of the network and its components to be protected.
Network risk management using attacker profiling
TLDR: This work hypothesizes that the sequence of network actions by an attacker depends on social behavior (e.g., skill level, tenacity, financial ability) and formulates a mechanism to estimate the risk level of critical resources that may be compromised based on attacker behavior.
The Ontology of Metrics for Security Evaluation and Decision Support in SIEM Systems
TLDR: A new approach to using security metrics, based on their ontological representation, is proposed; it serves for comprehensive security evaluation and subsequent countermeasure generation.
Automated reaction based on risk analysis and attackers skills in intrusion detection systems
TLDR: This paper proposes to make the reaction selection process intelligent by providing means to quantify effectiveness and to select the countermeasure with the minimum negative side effect on the information system, adopting a risk assessment and analysis approach.