Abstract
This paper addresses the analysis of security risks posed by multistage cyber attacks that use known tactics, techniques, and procedures. A technique for modeling and testing cyber attack sequences is proposed; it uses source data from the MITRE ATT&CK database and a production model. Risk assessment is implemented for the generated attack sequences, for the analysed information system components, and for the information system as a whole, using risk decomposition and Common Vulnerability Scoring System (CVSS) metrics. The developed techniques for attack sequence modeling and risk assessment are implemented in a software tool. The tool also recommends possible countermeasures for the successful attack sequences using MITRE ATT&CK data. Experiments for different infrastructures are conducted, and the application of the developed tool is demonstrated on a case study.
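The following Python program is an added illustration of the pipeline the abstract describes, not the authors' tool or data: a production model (rules of the form IF pre-facts THEN post-facts, labelled with real ATT&CK technique and mitigation ids) chains techniques into attack sequences, each sequence is scored with CVSS-derived numbers, the risk is decomposed onto the affected components and rolled up to the system, and mitigations are ranked by how many successful sequences they address. The toy network, the rule base, the CVSS subscores, the technique-to-mitigation mapping and the risk formulas (step probability as normalised exploitability, sequence probability as the product of step probabilities, component and system risk as the worst touching sequence) are all constructed assumptions; the paper's own formulas are not reproduced on this page.

```python
"""Added illustration of the pipeline described in the abstract: a production model
(IF pre-facts THEN post-facts rules labelled with ATT&CK technique ids) chains
techniques into attack sequences, each sequence is scored with CVSS-derived
numbers, the risk is decomposed onto components and the whole system, and
mitigations are ranked.  Hosts, scores, mitigation mappings and the risk
formulas are constructed assumptions, not the paper's own data or equations."""
from dataclasses import dataclass

CVSS3_MAX_EXPLOITABILITY = 3.9   # upper bound of the CVSS v3 exploitability subscore


@dataclass(frozen=True)
class Rule:
    tid: str                  # ATT&CK technique id (real ids, used only as labels)
    name: str
    pre: frozenset            # facts required before the technique applies
    post: frozenset           # facts the technique establishes ("kind:component")
    exploitability: float     # assumed CVSS v3 exploitability subscore
    impact: float             # assumed CVSS v3 impact subscore
    mitigations: tuple        # ATT&CK mitigation ids (assumed mapping)


# Constructed rule base for a toy network: VPN -> workstation -> db-server and
# internet -> web-server -> db-server.
RULES = (
    Rule("T1078", "Valid Accounts (VPN)", frozenset({"creds:vpn"}),
         frozenset({"access:workstation"}), 2.8, 3.6, ("M1032", "M1026")),
    Rule("T1059", "Command and Scripting Interpreter", frozenset({"access:workstation"}),
         frozenset({"exec:workstation"}), 1.8, 3.6, ("M1038",)),
    Rule("T1068", "Exploitation for Privilege Escalation", frozenset({"exec:workstation"}),
         frozenset({"admin:workstation"}), 1.8, 5.9, ("M1051",)),
    Rule("T1021", "Remote Services (workstation -> db)", frozenset({"admin:workstation"}),
         frozenset({"access:db-server"}), 1.2, 5.9, ("M1032", "M1035")),
    Rule("T1190", "Exploit Public-Facing Application", frozenset({"reach:web-server"}),
         frozenset({"exec:web-server"}), 3.9, 5.9, ("M1051", "M1016")),
    Rule("T1021", "Remote Services (web -> db)", frozenset({"exec:web-server"}),
         frozenset({"access:db-server"}), 1.2, 5.9, ("M1032", "M1035")),
    Rule("T1005", "Data from Local System", frozenset({"access:db-server"}),
         frozenset({"data:db-server"}), 1.8, 3.6, ("M1057",)),
)
INITIAL = frozenset({"creds:vpn", "reach:web-server"})   # constructed attacker start
GOAL = "data:db-server"


def step_probability(rule):
    # Assumption: P(step succeeds) = exploitability subscore / its maximum.
    return rule.exploitability / CVSS3_MAX_EXPLOITABILITY


def generate_sequences(initial=INITIAL, goal=GOAL, rules=RULES, max_len=6):
    """Forward chaining: a rule fires when its preconditions hold; each step must
    consume a fact produced by the previous step so the output is a chain."""
    found = []

    def extend(facts, path):
        if goal in facts:
            found.append(tuple(path))
            return
        if len(path) >= max_len:
            return
        last_post = path[-1].post if path else facts
        for r in rules:
            if r.pre <= facts and r.pre & last_post and not r.post <= facts:
                extend(facts | r.post, path + [r])

    extend(frozenset(initial), [])
    return found


def sequence_risk(seq):
    """Risk decomposition (assumed): P(seq) = product of step probabilities,
    impact = max impact subscore on the chain, risk = P(seq) * impact."""
    p = 1.0
    for r in seq:
        p *= step_probability(r)
    return round(p * max(r.impact for r in seq), 3)


def component_risks(seqs):
    """Component risk = highest risk among sequences that reach the component."""
    risks = {}
    for seq in seqs:
        r = sequence_risk(seq)
        for rule in seq:
            for fact in rule.post:
                comp = fact.split(":", 1)[1]
                risks[comp] = max(risks.get(comp, 0.0), r)
    return risks


def system_risk(seqs):
    # Assumption: the system inherits the risk of its worst successful sequence.
    return max((sequence_risk(s) for s in seqs), default=0.0)


def recommend(seqs):
    """Rank mitigations by how many successful sequences contain a technique
    they address (ties broken by id)."""
    counts = {}
    for seq in seqs:
        for mid in {m for r in seq for m in r.mitigations}:
            counts[mid] = counts.get(mid, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    seqs = generate_sequences()
    for s in seqs:
        print(" -> ".join(r.tid for r in s), "risk =", sequence_risk(s))
    print("components:", component_risks(seqs))
    print("system:", system_risk(seqs))
    print("mitigations:", recommend(seqs)[:4])
```

Running the script lists two successful chains for the toy network (a five-step path through the workstation and a three-step path through the web server); the shorter path dominates the db-server and system risk, and the ranking of mitigations shows which controls would break both chains at once, which is the kind of countermeasure recommendation the abstract attributes to the tool.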
Acknowledgements
This research is supported by RFBR grant #19-07-01246 at SPC RAS.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Kryukov, R., Doynikova, E., Kotenko, I. (2022). Security Analysis of Information Systems Based on Attack Sequences Generation and Testing. In: Camacho, D., Rosaci, D., Sarné, G.M.L., Versaci, M. (eds) Intelligent Distributed Computing XIV. IDC 2021. Studies in Computational Intelligence, vol 1026. Springer, Cham. https://doi.org/10.1007/978-3-030-96627-0_39
DOI: https://doi.org/10.1007/978-3-030-96627-0_39
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-96626-3
Online ISBN: 978-3-030-96627-0
eBook Packages: Intelligent Technologies and Robotics, Intelligent Technologies and Robotics (R0)