Attack Graph-Based Countermeasure Selection Using a Stateful Return on Investment Metric

  • Conference paper
Foundations and Practice of Security (FPS 2017)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10723)

Abstract

We propose a mitigation model that evaluates individual and combined countermeasures against multi-step cyber-attack scenarios. The goal is to anticipate the actions of an attacker that wants to disrupt a given system (e.g., an information system). The process is driven by an attack graph formalism, enforced with a stateful return on response investment metric that optimally evaluates, ranks and selects appropriate countermeasures to handle ongoing and potential attacks.

Acknowledgments

E. Doynikova and I. Kotenko acknowledge support from the Russian Science Foundation under grant number 15-11-30029. G. Gonzalez-Granadillo and J. Garcia-Alfaro acknowledge support from the European Commission under grant number 610416 (PANOPTESEC project).

Author information

Corresponding author

Correspondence to Joaquin Garcia-Alfaro.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Cite this paper

Gonzalez-Granadillo, G., Doynikova, E., Kotenko, I., Garcia-Alfaro, J. (2018). Attack Graph-Based Countermeasure Selection Using a Stateful Return on Investment Metric. In: Imine, A., Fernandez, J., Marion, JY., Logrippo, L., Garcia-Alfaro, J. (eds) Foundations and Practice of Security. FPS 2017. Lecture Notes in Computer Science, vol 10723. Springer, Cham. https://doi.org/10.1007/978-3-319-75650-9_19

  • DOI: https://doi.org/10.1007/978-3-319-75650-9_19

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-75649-3

  • Online ISBN: 978-3-319-75650-9

  • eBook Packages: Computer Science, Computer Science (R0)
