
Battling against cyberattacks: towards pre-standardization of countermeasures

Published in Cluster Computing

Abstract

Cyberattacks targeting ICT systems are becoming more sophisticated and disruptive by the day. Such malevolent actions are carried out by ill-motivated entities (governments, states, administrations, etc.), often with almost unlimited resources, but also by skilled individuals, since attack source code is readily accessible. In this alarming scenario, selecting the optimal set of countermeasures to deploy against those attacks is a primary necessity. While significant effort has gone into standardizing the representation of security-related knowledge such as vulnerabilities, weaknesses, and attacks, the intelligence surrounding countermeasures has received considerably less attention. This paper aims to contribute to the reaction ecosystem by proposing a standard representation of countermeasure instances. With this proposal, we address one of the critical challenges identified in the literature, namely the absence of a commonly shared definition of remediations. To demonstrate the feasibility of our approach, we present several scenarios in which relevant countermeasures are efficiently enforced, mitigating the ongoing cyberthreat. Then, the advantages and disadvantages of our proposal are discussed in depth, opening the debate for novel and effective contributions in this research line.




Acknowledgements

This work has been partially supported by an FPU Predoctoral Contract granted by the University of Murcia, by a Ramón y Cajal Research Contract (RYC-2015-18210) granted by the MINECO (Spain) and co-funded by the European Social Fund and by SAFEMAN: A Unified Management Framework for Cybersecurity and Safety in the Manufacturing Industry (RTI2018-095855-B-I00).

Author information

Corresponding author: Pantaleone Nespoli.

Ethics declarations

Conflict of interest

The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.


Cite this article

Nespoli, P., Gómez Mármol, F. & Maestre Vidal, J. Battling against cyberattacks: towards pre-standardization of countermeasures. Cluster Comput 24, 57–81 (2021). https://doi.org/10.1007/s10586-020-03198-9
