DOI: 10.1145/3151848.3151864
research-article

Proactive Damage Assessment of Cyber Attacks Using Mobile Observer Agents

Published: 04 December 2017

Abstract

One of the most critical challenges facing cyber defense today is the complexity of recently released cyber-attacks, which are capable of disrupting critical industries and jeopardizing national economies. In this context, it becomes necessary to move beyond common security approaches so that security attacks can be neutralized and reacted to at their early stages. In this paper we develop a formal model for the proactive assessment of security damages. We define a network of observer agents capable of observing incomplete information about attacks and affected cyber systems, and of generating security observations useful for identifying ongoing attack scenarios and their future evolution. A set of analytics is developed for the generation and management of scenario contexts as a set of measures useful for the proactive assessment of future damages and for the launching of countermeasures. A case study is provided to exemplify the proposal.

Cited By

  • (2021) Proactive Security for Safety and Sustainability of Mission Critical Systems. IEEE Transactions on Sustainable Computing 6:2 (257-273). DOI: 10.1109/TSUSC.2018.2810092. Online publication date: 1-Apr-2021
  • (2018) A Context-Based Model for Validating the Ability of Cyber Systems to Defend Against Attacks. Ubiquitous Networking (295-307). DOI: 10.1007/978-3-030-02849-7_27. Online publication date: 3-Nov-2018

Published In

MoMM2017: Proceedings of the 15th International Conference on Advances in Mobile Computing & Multimedia
December 2017
246 pages

In-Cooperation

  • Johannes Kepler University, Linz, Austria
  • @WAS: International Organization of Information Integration and Web-based Applications and Services

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

MoMM2017
