Skip to main content
Springer Nature Link
Log in

Choosing Models for Security Metrics Visualization

  • Conference paper
  • First Online:
Computer Network Security (MMM-ACNS 2017)

Part of the book series: Lecture Notes in Computer Science ((LNCCN,volume 10446))

Abstract

This paper aims at finding optimal visualization models for representation and analysis of security related data, for example, security metrics, security incidents and cyber attack countermeasures. The classification of the most important security metrics and their characteristics that are important for their visualization are considered. The paper reviews existing and suggested research by the author’s data representation and visualization models. In addition, the most suitable models for different metric groups are outlined and analyzed. A case study is presented as an illustration on the way the visualization models are integrated with different metrics for security awareness.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. Schmidt, M.: Return on Investment (ROI): Meaning and Use. Encyclopedia of Business Terms and Methods (2011). http://www.solutionmatrix.com/return-on-investment.html

  2. Sonnenreich, W., Albanese, J., Stout, B.: Return on security Investment (ROSI) a practical quantitative model. J. Res. Pract. Inf. Technol. 38(1), 45–56 (2006)

    Google Scholar 

  3. Kolomeets, M., Chechulin, A., Kotenko, I.: Visualization model for monitoring of computer networks security based on the analogue of voronoi diagrams. In: International Cross-Domain Conference, and Workshop on Privacy Aware Machine Learning for Health Data Science (2016)

    Google Scholar 

  4. Doynikova, E., Kotenko, I.: Countermeasure selection based on the attack and service dependency graphs for security incident management. In: Lambrinoudakis, C., Gabillon, A. (eds.) CRiSIS 2015. LNCS, vol. 9572, pp. 107–124. Springer, Cham (2016). doi:10.1007/978-3-319-31811-0_7

    Chapter  Google Scholar 

  5. Gonzalez Granadillo, G., Garcia-Alfaro, J., Debar, H.: Using a 3D geometrical model to improve accuracy in the evaluation and selection of countermeasures against complex cyber attacks. In: Security and Privacy in Communication Networks, pp. 26–29 (2015)

    Google Scholar 

  6. Gonzalez Granadillo, G., Alvarez, E., El-Barbori, M., Garcia-Alfaro, J., Debar, H.: Selecting optimal countermeasures for attacks against critical systems using the Attack Volume model and the RORI index. J. Comput. Electr. Eng. 13–34 (2015)

    Google Scholar 

  7. Kheir, N., Cuppens-Boulahia, N., Cuppens, F., Debar, H.: A service dependency model for cost-sensitive intrusion response. In: 15th European Symposium on Research in Computer Security (ESORICS), pp. 626–642 (2010)

    Google Scholar 

  8. Dini, G., Tiloca, M.: A simulation tool for evaluating attack impact in cyber physical systems. In: International Workshop Modelling and Simulation for Autonomous Systems, pp. 77–94 (2014)

    Google Scholar 

  9. Howard, M., Wing, J.: Measuring relative attack surfaces. In: Computer Security in the 21st Century, pp. 109–137 (2005)

    Google Scholar 

  10. Manadhata, P., Wing, J.: An attack surface metric. J. IEEE Trans. Softw. Eng. 37(3), 371–386 (2011)

    Google Scholar 

  11. Mell, P., Scarforne, K., Romanosky, S.: A complete guide to the common vulnerability scoring system (CVSS) version 2.0. In: FIRST-Forum of Incident Response and Security Teams, p. 23 (2007)

    Google Scholar 

  12. The Center for Internet Security. The CIS Security Metrics, 175 p. (2009)

    Google Scholar 

  13. Kotenko, I.V., Doynikova, E.: Dynamical calculation of security metrics for countermeasure selection in computer networks. In: 24th Euromicro International Conference on Parallel, Distributed and network-based Processing (PDP 2016), pp. 558–565. IEEE Computer Society, Los Alamitos (2016)

    Google Scholar 

  14. Singhal, A., Ou, X.: Security risk analysis of enterprise networks using probabilistic attack graphs. NIST Interagency Report 7788, Gaithersburg: National Institute of Standards and Technology, 24 p. (2011)

    Google Scholar 

  15. Puangsri, P.: Quantified return on information security investment - a model for cost-benefit analysis. Master Thesis, Delft University of Technology (2009)

    Google Scholar 

  16. Gonzalez Granadillo, G., Garcia-Alfaro, J., Debar, H.: An n-sided polygonal model to calculate the impact of cyber security events. In: International Conference on Risks and Security of Internet and Systems (2016)

    Google Scholar 

  17. Special operations forces intelligence and electronic warfare operations, appendix D: Target analysis process, Federation of American Scientists (1991). http://www.fas.org/irp/doddir/army/fm34-36/appd.htm

  18. Gonzalez Granadillo, G., Rubio-Hernan, J., Garcia-Alfaro, J., Debar, H.: Considering internal vulnerabilities and the attacker’s knowledge to model the impact of cyber events as geometrical prisms. In: Conference on Trust, Security and Privacy in Computing and Communications (2016)

    Google Scholar 

  19. Leborg, C.: Visual Grammar, 1st edn, p. 96. Princeton Architectural Press, New York (2006)

    Google Scholar 

  20. Kolomeec, M.V., Chechulin, A.A., Kotenko, I.V.: Methodological primitives for phased construction of data visualization models. J. Internet Serv. Inf. Secur. (JISIS) 5(4), 60–84 (2015)

    Google Scholar 

  21. Holten, D.: Hierarchical edge bundles: visualization of adjacency relations in hierarchical data. IEEE Trans. Vis. Comput. Graph. 12(5) (2006)

    Google Scholar 

  22. Haber, R.B., McNabb, D.A.: Visualization idioms: a conceptual model for scientific visualization systems. In: Visualization in Scientific Computing, pp. 74–93. IEEE Computer Society Press (1990)

    Google Scholar 

  23. Kundur, D., Feng, X., Liu, S., Zourntos, T., Butler-Purry, K.L.: Towards a framework for cyber attack impact analysis of the electric smart grid. In: International Conference on Smart Grid Communications, pp. 244–249 (2010)

    Google Scholar 

  24. Duan, C., Cleland-Huang, J.: Automated safeguard selection strategies. In: CTI Research Symposium (2006)

    Google Scholar 

Download references

Acknowledgements

This research is being supported by the grant of RSF #15-11-30029 in SPIIRAS.

Author information

Authors and Affiliations

  1. St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), 39, 14 Liniya, St. Petersburg, Russia

    Maxim Kolomeec, Elena Doynikova, Andrey Chechulin & Igor Kotenko

  2. Institut Mines-Télécom, Télécom SudParis, CNRS UMR 5157 SAMOVAR, Evry, France

    Gustavo Gonzalez-Granadillo & Hervé Debar

  3. St. Petersburg National Research University of Information Technologies, Mechanics and Optics, 49, Kronverkskiy Prospekt, Saint-Petersburg, Russia

    Maxim Kolomeec, Elena Doynikova, Andrey Chechulin & Igor Kotenko

Authors
  1. Maxim Kolomeec
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Gustavo Gonzalez-Granadillo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Elena Doynikova
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Andrey Chechulin
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Igor Kotenko
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Hervé Debar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Igor Kotenko .

Editor information

Editors and Affiliations

  1. Gdansk University of Technology , Gdansk, Poland

    Jacek Rak

  2. Binghamton University , Binghamton, New York, USA

    John Bay

  3. St. Petersburg Institute for Informatics and Automation, St. Petersburg, Russia

    Igor Kotenko

  4. Utica College , Utica, New York, USA

    Leonard Popyack

  5. Binghamton University , Binghamton, New York, USA

    Victor Skormin

  6. Warsaw University of Technology , Warsaw, Poland

    Krzysztof Szczypiorski

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Kolomeec, M., Gonzalez-Granadillo, G., Doynikova, E., Chechulin, A., Kotenko, I., Debar, H. (2017). Choosing Models for Security Metrics Visualization. In: Rak, J., Bay, J., Kotenko, I., Popyack, L., Skormin, V., Szczypiorski, K. (eds) Computer Network Security. MMM-ACNS 2017. Lecture Notes in Computer Science(), vol 10446. Springer, Cham. https://doi.org/10.1007/978-3-319-65127-9_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-65127-9_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-65126-2

  • Online ISBN: 978-3-319-65127-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics