
Framework for risk assessment in cyber situational awareness

Published: 01 March 2019

Abstract

A large amount of data is generated by traditional detection and prevention measures to help network analysts evaluate the network security situation, but this data is not used fully and effectively, and it does not yet provide a holistic view of the network situation. To address this issue, a framework is proposed that evaluates the security situation of the network along three dimensions, threat, vulnerability and stability, and merges the results at the decision level to measure the security situation of the overall network. In the case studies, the authors demonstrate how the framework is deployed in the network and how it is used to reflect the security situation of the network in real time. The results of the case studies show that the framework evaluates the security situation of the network accurately and reasonably.


Published In

IET Information Security, Volume 13, Issue 2
March 2019
80 pages
EISSN:1751-8717
DOI:10.1049/ise2.v13.2

Publisher

John Wiley & Sons, Inc.

United States

Author Tags

  1. risk management
  2. computer network security
  3. cyber situational awareness
  4. network analysts
  5. network security situation
  6. traditional detection
  7. prevention measures
  8. network situation
  9. risk assessment

Qualifiers

  • Research-article
