
Intelligence in security countermeasures selection

Original Paper, Journal of Computer Virology and Hacking Techniques

Abstract

Identifying security risks in an organization and rating their severity so that appropriate countermeasures can be selected is of great importance. Over the last two decades, much work has gone into improving the accuracy of risk-impact calculation and the selection of countermeasures, and a variety of approaches select combinations of countermeasures rather than single ones. The underlying challenge is to balance the cost of security against the improvement it brings to the defense system. This paper proposes, for the first time, a dataset that links an organization's business processes, security data, assets, vulnerabilities, and the countermeasures applied to them. Previous work has not used this chain of organization-specific information, which necessarily differs from one organization to another, to analyze whether a countermeasure succeeded or failed. By recording the outcome of each countermeasure over the organization's lifetime, more effective countermeasures can be recommended for new or existing risks. The intelligent countermeasure selection presented here therefore lets an organization identify ineffective countermeasures and avoid re-selecting them against attackers, making the organization more resilient over time.
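As an added illustration of the idea the abstract describes (this is not the paper's own code, dataset or algorithm): a small model of the record chain business process, asset, vulnerability, countermeasure, outcome, and a selection routine that consults that history so a countermeasure which failed in this organization's own past is not re-selected, while the remaining candidates are ranked by severity reduction per unit cost. Every name, score, cost and outcome record below is constructed for the example, and the smoothing rule, the failure threshold and the cost ranking are assumptions, not the paper's method.

```python
"""Illustration of history-aware countermeasure selection (not the paper's code).

An organization records, per risk, which countermeasure was applied and whether it
held up. Selection for a new or recurring risk blends a countermeasure's nominal
effectiveness with the organization's observed results, drops candidates whose
observed effectiveness fell below a threshold, and greedily picks the best
severity-reduction-per-cost candidates within a budget.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    process: str        # business process the asset supports (constructed label)
    asset: str          # affected asset
    vuln_class: str     # vulnerability class label, e.g. "sqli" (assumed taxonomy)
    severity: float     # 0..10, CVSS-like base score (assumed scale)


@dataclass(frozen=True)
class Countermeasure:
    name: str
    vuln_classes: frozenset       # classes it is meant to mitigate
    cost: float                   # deployment plus operating cost, arbitrary units
    nominal_effectiveness: float  # assumed fraction of risk removed, 0..1


@dataclass(frozen=True)
class OutcomeRecord:
    risk: Risk
    countermeasure: str
    success: bool   # did it actually stop later attacks on that risk?


class History:
    """Organization-lifetime record of countermeasure outcomes."""

    def __init__(self):
        self._records = []

    def add(self, rec: OutcomeRecord) -> None:
        self._records.append(rec)

    def stats(self, cm_name: str, vuln_class: str):
        """Return (successes, failures) of cm_name against vuln_class here."""
        s = f = 0
        for r in self._records:
            if r.countermeasure == cm_name and r.risk.vuln_class == vuln_class:
                if r.success:
                    s += 1
                else:
                    f += 1
        return s, f


def observed_effectiveness(cm: Countermeasure, risk: Risk, history: History,
                           prior_weight: float = 2.0) -> float:
    """Blend nominal effectiveness with observed outcomes (assumed smoothing rule).

    With no history the nominal figure is returned unchanged; each recorded
    outcome pulls the estimate toward the organization's empirical success rate.
    """
    s, f = history.stats(cm.name, risk.vuln_class)
    return (cm.nominal_effectiveness * prior_weight + s) / (prior_weight + s + f)


def select(risk: Risk, catalog, history: History, budget: float,
           failure_threshold: float = 0.5):
    """Pick countermeasures for `risk` within `budget`.

    Candidates that have a history here and whose observed effectiveness is below
    `failure_threshold` are excluded so they are not re-selected. The rest are
    ranked by severity * effectiveness / cost and chosen greedily.
    Returns a list of (name, observed_effectiveness, cost).
    """
    candidates = []
    for cm in catalog:
        if risk.vuln_class not in cm.vuln_classes:
            continue
        eff = observed_effectiveness(cm, risk, history)
        s, f = history.stats(cm.name, risk.vuln_class)
        if (s + f) > 0 and eff < failure_threshold:
            continue  # proved ineffective in this organization: skip it
        candidates.append((cm.name, eff, cm.cost, risk.severity * eff / cm.cost))
    candidates.sort(key=lambda c: c[3], reverse=True)
    chosen, spent = [], 0.0
    for name, eff, cost, _ in candidates:
        if spent + cost <= budget:
            chosen.append((name, round(eff, 3), cost))
            spent += cost
    return chosen


# Constructed catalog for the example (names, costs and figures are made up).
CATALOG = [
    Countermeasure("waf", frozenset({"sqli", "xss"}), 12.0, 0.8),
    Countermeasure("code_fix", frozenset({"sqli"}), 25.0, 0.95),
    Countermeasure("db_least_priv", frozenset({"sqli"}), 5.0, 0.4),
]


def demo():
    """Same risk, same budget: the organization's own history changes the pick."""
    risk = Risk("billing", "billing-api", "sqli", 9.0)
    history = History()
    # Constructed records: the WAF was deployed twice for this exposure and
    # attackers got through both times.
    history.add(OutcomeRecord(risk, "waf", False))
    history.add(OutcomeRecord(risk, "waf", False))
    return {
        "without_history": select(risk, CATALOG, History(), budget=30.0),
        "with_history": select(risk, CATALOG, history, budget=30.0),
    }


if __name__ == "__main__":
    for label, picks in demo().items():
        print(label, picks)
```

With an empty history the WAF is chosen on its nominal figure; once the two recorded failures pull its observed effectiveness to 0.4, below the threshold, it is excluded and the remaining budget goes to the code fix instead. The threshold and the smoothing weight are the knobs a practitioner would tune against their own incident data.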

Author information

Corresponding author: Alireza Shameli-Sendi.

Cite this article

Tamjidi, S., Shameli-Sendi, A. Intelligence in security countermeasures selection. J Comput Virol Hack Tech 19, 137–148 (2023). https://doi.org/10.1007/s11416-022-00439-w
