Abstract
In making important cyber security course of action (COA) decisions, experts mostly use their knowledge and experience to collate and synthesise information from multiple and sometimes conflicting sources such as the continually evolving cyber security tools. Such a decision making process is resource intensive and could result in inconsistencies from experts’ subjective interpretations of how to address the network’s security risks. The push towards automated computer network defence (CND) systems requires autonomous decision making and recommendation approaches for network security remediation. In this work, we present such a novel approach through a TOPSIS-based multi-attribute decision making COA selection technique. Our model uses a survey of experts to show that human experts’ decisions are indeed inconsistent, even when they are provided with the same information. We then present our decision making approach that is based on considering multiple COA selection factors in an operational environment and implementing a multi-objective selection method that provides network defenders with the best actionable COAs for an automated CND system. Our results show consistency that is unmatched by human experts.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Kim, A., Kang, M.H.: Determining asset criticality for cyber defense. Naval Research Laboratory. Technical report NRL/MR/5540-11-9350 (2011)
Kim, A., Kang, M.H., Luo, J.Z., Velasquez, A.: A framework for event prioritization in cyber network defense. Naval Research Laboratory. Technical report NRL/MR/5540-14-9541 (2014)
Ou, X., Govindavajhala, S., Appel, A.W.: MulVAL: a logic-based network security analyzer. In: USENIX Security (2005)
Sawilla, R., Burrell, C.: Course of action recommendations for practical network defence. Defence Research and Development Canada. Technical Report DRDC Ottawa TM 2009–130 (2009)
Sawilla, R., Skillicorn, D.: Partial cuts in attack graphs for cost effective network defense. In: IEEE International Conference on Technologies for Homeland Security, HST 2012, pp. 291–297 (2012)
Miller, G.A.: The magical number seven, plus or minus two: some limits on our capacity for processing information. Psychol. Rev. 101, 343 (1994)
Miller, S., Appleby, S., Garibaldi, J.M., Aickelin, U.: Towards a more systematic approach to secure systems design and analysis. Int. J. Secure Softw. Eng. 4(1), 11–30 (2013)
Symantec: IT analytics 7.1 for altiris it management suite from symantec. Symantec, Technical report (2013)
RedSeal Networks. Security target. https://www.redseal.net
Dondo, M.: A neural network approach for cyber security course of action selection. Defence Research and Development Canada, Technical report DRDC-RDDC-2016-R269 (2016)
Hwang, C.-L., Yoon, K.: Multiple Attribute Decision Making: Methods and Applications a State-of-the-Art Survey. Springer Science & Business Media, Heidelberg (2012). https://doi.org/10.1007/978-3-642-48318-9
McKenzie, C.: GENESIS: integrated end-to-end decision support for computer network defence, design and architecture document. Defence Research and Development Canada. Technical report DRDC Ottawa CR 2011–009 (2011)
Sawilla, R.E., Wiemer, D.J.: Automated computer network defence technology demonstration project (ARMOUR TDP): concept of operations, architecture, and integration framework. In: 2011 IEEE International Conference on Technologies for Homeland Security (HST), pp. 167–172, November 2011
Sawilla, R.E., Ou, X.: Identifying critical attack assets in dependency attack graphs. In: Jajodia, S., Lopez, J. (eds.) ESORICS 2008. LNCS, vol. 5283, pp. 18–34. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88313-5_2
Symantec. Symantec patch management solution powered by altiris technology. http://www.symantec.com/products
Alhomidi, M., Reed, M.: Finding the minimum cut set in attack graphs using genetic algorithms. In: 2013 International Conference on Computer Applications Technology. ICCAT 2013, pp. 1–6, January 2013
Hong, J., Kim, D.S., Haqiq, A.: What vulnerability do we need to patch first? In: 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks. DSN 2014, pp. 684–689, June 2014
Chakraborty, S., Yeh, C.-H.: A simulation based comparative study of normalization procedures in multiattribute decision making. In: Proceedings of the 6th Conference on Artificial Intelligence: Knowledge Engineering and Data Bases (2007)
Boran, F.E., Genç, S., Kurt, M., Akay, D.: A multi-criteria intuitionistic fuzzy group decision making for supplier selection with TOPSIS method. Expert Syst. Appl. 36(8), 11363–11368 (2009)
Safari, H., Khanmohammadi, E., Hafezamini, A., Ahangari, S.S.: A new technique for multi criteria decision making based on modified similarity method. Middle-East J. Sci. Res. 14(5), 712–719 (2013)
Velasquez, M., Hester, P.T.: An analysis of multi-criteria decision making methods. Int. J. Oper. Res. 10, 56–66 (2013)
Linstone, H.A., Turoff, M.: The Delphi Method. Addison-Wesley, Reading (2002)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Dondo, M. (2018). Cyber Security Decision Support for Remediation in Automated Computer Network Defence. In: Lin, X., Ghorbani, A., Ren, K., Zhu, S., Zhang, A. (eds) Security and Privacy in Communication Networks. SecureComm 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 239. Springer, Cham. https://doi.org/10.1007/978-3-319-78816-6_15
Download citation
DOI: https://doi.org/10.1007/978-3-319-78816-6_15
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-78815-9
Online ISBN: 978-3-319-78816-6
eBook Packages: Computer ScienceComputer Science (R0)