Countermeasure Selection Based on the Attack and Service Dependency Graphs for Security Incident Management

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 9572)

Abstract

The paper suggests an approach to countermeasure selection that is based on the application of quantitative risk metrics. The approach incorporates several techniques, which differ for the static and dynamic modes of operation of the security analysis and countermeasure selection component and which take into account the input data available on the network security state. The approach relies on open standards for the unified specification of security data, on attack graphs and service dependency graphs for calculating different security metrics, and on events and information from security information and event management (SIEM) systems.

Acknowledgements

This research is being supported by the Ministry of Education and Science of The Russian Federation (contract # 14.604.21.0137, unique contract identifier RFMEFI60414X0137).

Corresponding author

Correspondence to Elena Doynikova.

Copyright information

© 2016 Springer International Publishing Switzerland

Cite this paper

Doynikova, E., Kotenko, I. (2016). Countermeasure Selection Based on the Attack and Service Dependency Graphs for Security Incident Management. In: Lambrinoudakis, C., Gabillon, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2015. Lecture Notes in Computer Science, vol 9572. Springer, Cham. https://doi.org/10.1007/978-3-319-31811-0_7

  • DOI: https://doi.org/10.1007/978-3-319-31811-0_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-31810-3

  • Online ISBN: 978-3-319-31811-0

  • eBook Packages: Computer Science (R0)
