Abstract
The paper proposes an approach to countermeasure selection based on quantitative risk metrics. The approach combines several techniques, which differ between the static and dynamic modes of operation of the security analysis and countermeasure selection component and depend on the input data available about the network security state. The approach relies on open standards for the unified specification of security data, uses attack graphs and service dependency graphs to calculate different security metrics, and takes into account events and information from security information and event management (SIEM) systems.
Acknowledgements
This research is supported by the Ministry of Education and Science of the Russian Federation (contract # 14.604.21.0137, unique contract identifier RFMEFI60414X0137).
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Doynikova, E., Kotenko, I. (2016). Countermeasure Selection Based on the Attack and Service Dependency Graphs for Security Incident Management. In: Lambrinoudakis, C., Gabillon, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2015. Lecture Notes in Computer Science, vol 9572. Springer, Cham. https://doi.org/10.1007/978-3-319-31811-0_7
DOI: https://doi.org/10.1007/978-3-319-31811-0_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-31810-3
Online ISBN: 978-3-319-31811-0
eBook Packages: Computer Science, Computer Science (R0)