Abstract
This chapter considers methods and techniques for the analytical processing of cyber security events and information. The suggested approach is based on calculating a set of cyber security metrics suited to both automated and human perception and analysis of the cyber situation, and suitable for automated countermeasure response in near real time. To perform security assessments and make countermeasure decisions, artificial intelligence (AI)-based methods and techniques, including Bayesian, ontological and anytime mechanisms, are applied. Different kinds of data are used: data from SIEM systems, data accumulated during security monitoring, and data generated by the world community in external databases of attacks, vulnerabilities and incidents for typical and special-purpose computer systems. To calculate integral metrics, analytical models of the evaluation objects are applied. To specify security objects and the interrelationships among them, an ontological repository is realised; it joins data from various security databases and specifies techniques of logical inference for answering security-related requests. The suggested approach is demonstrated using several case studies.
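The abstract names Bayesian mechanisms, integral metrics and automated countermeasure selection without showing how such a metric is computed. The block below is an added illustration, not the chapter's own model or code: a noisy-OR propagation of compromise probability over a small constructed attack graph, followed by ranking candidate countermeasures by the residual probability of reaching a target asset. The graph, the node names, the local exploitation probabilities and the countermeasure list are all assumed values (a CVSS-driven setup would derive the local probabilities from NVD exploitability data).

```python
from math import prod

# Constructed sample attack graph (illustrative, not from the chapter).
# node -> (local exploitation probability, prerequisite nodes).
# A node is reached when at least one prerequisite is reached (OR) and the
# node's own exploit step succeeds. The local probabilities are assumed
# values; a CVSS-driven setup would derive them from exploitability data.
ATTACK_GRAPH = {
    "attacker": (1.0, []),                                # external attacker, always present
    "web_rce": (0.7, ["attacker"]),                       # RCE on an internet-facing web server
    "vpn_auth_bypass": (0.3, ["attacker"]),               # weak VPN authentication
    "app_priv_esc": (0.6, ["web_rce"]),                   # local privilege escalation on the web host
    "db_access": (0.5, ["app_priv_esc", "vpn_auth_bypass"]),
    "domain_admin": (0.4, ["db_access", "app_priv_esc"]), # target asset
}

# Candidate countermeasures (assumed): name -> (affected node, residual local probability).
COUNTERMEASURES = {
    "patch_web_server": ("web_rce", 0.0),
    "enforce_vpn_mfa": ("vpn_auth_bypass", 0.05),
    "harden_db": ("db_access", 0.1),
}


def node_probabilities(graph):
    """Return P(compromise) for every node of an acyclic attack graph.

    Prerequisites are combined with noisy-OR under an independence
    assumption, the usual simplification in attack-graph risk models;
    it overestimates slightly when prerequisites share ancestors.
    """
    probs = {}

    def p(node):
        if node in probs:
            return probs[node]
        local, prereqs = graph[node]
        reach = 1.0 if not prereqs else 1.0 - prod(1.0 - p(q) for q in prereqs)
        probs[node] = local * reach
        return probs[node]

    for node in graph:
        p(node)
    return probs


def rank_countermeasures(graph, target, countermeasures):
    """Rank countermeasures by residual P(target) after applying each one.

    Returns (baseline_probability, [(name, residual_probability), ...])
    sorted so the most effective countermeasure comes first.
    """
    baseline = node_probabilities(graph)[target]
    ranked = []
    for name, (node, new_local) in countermeasures.items():
        patched = dict(graph)
        _, prereqs = patched[node]
        patched[node] = (new_local, prereqs)
        ranked.append((name, node_probabilities(patched)[target]))
    ranked.sort(key=lambda item: item[1])
    return baseline, ranked


if __name__ == "__main__":
    for node, prob in node_probabilities(ATTACK_GRAPH).items():
        print(f"P({node}) = {prob:.3f}")
    baseline, ranked = rank_countermeasures(ATTACK_GRAPH, "domain_admin", COUNTERMEASURES)
    print(f"baseline P(domain_admin) = {baseline:.3f}")
    for name, residual in ranked:
        print(f"{name}: residual P(domain_admin) = {residual:.3f}")
```

On this constructed graph, patching the web server wins because it cuts both paths through `app_priv_esc`, even though the database step carries a higher local probability; that is the kind of non-obvious ordering a metric-driven selector is meant to surface. The independence assumption is the main caveat: where prerequisites share an ancestor, exact Bayesian network inference gives lower joint probabilities than noisy-OR.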
Acknowledgements
This research is supported by RFBR grant 18-07-01488, with partial support from budgetary subject 16-116033110102-5, Grant 074-U01, and the Council for Grants of the President of Russia (project MK-314.2017.9, scholarship SP-751.2018.5).
© 2018 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
Kotenko, I., Doynikova, E., Chechulin, A., Fedorchenko, A. (2018). AI- and Metrics-Based Vulnerability-Centric Cyber Security Assessment and Countermeasure Selection. In: Parkinson, S., Crampton, A., Hill, R. (eds) Guide to Vulnerability Analysis for Computer Networks and Systems. Computer Communications and Networks. Springer, Cham. https://doi.org/10.1007/978-3-319-92624-7_5
DOI: https://doi.org/10.1007/978-3-319-92624-7_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-92623-0
Online ISBN: 978-3-319-92624-7
eBook Packages: Computer Science, Computer Science (R0)