Abstract
We propose a mitigation model that evaluates individual and combined countermeasures against multi-step cyber-attack scenarios. The goal is to anticipate the actions of an attacker that wants to disrupt a given system (e.g., an information system). The process is driven by an attack graph formalism, enforced with a stateful return on response investment metric that optimally evaluates, ranks and selects appropriate countermeasures to handle ongoing and potential attacks.
Acknowledgments
E. Doynikova and I. Kotenko acknowledge support from the Russian Science Foundation under grant number 15-11-30029. G. Gonzalez-Granadillo and J. Garcia-Alfaro acknowledge support from the European Commission under grant number 610416 (PANOPTESEC project).
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Gonzalez-Granadillo, G., Doynikova, E., Kotenko, I., Garcia-Alfaro, J. (2018). Attack Graph-Based Countermeasure Selection Using a Stateful Return on Investment Metric. In: Imine, A., Fernandez, J., Marion, JY., Logrippo, L., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2017. Lecture Notes in Computer Science, vol 10723. Springer, Cham. https://doi.org/10.1007/978-3-319-75650-9_19
DOI: https://doi.org/10.1007/978-3-319-75650-9_19
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-75649-3
Online ISBN: 978-3-319-75650-9
eBook Packages: Computer Science (R0)