research-article

Public Access

Who Touched My Mission: Towards Probabilistic Mission Impact Assessment

Authors:

Peng LiuAuthors Info & Claims

SafeConfig '15: Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense

Pages 21 - 26

https://doi.org/10.1145/2809826.2809834

Published: 12 October 2015 Publication History

Abstract

Cyber attacks inevitably generate impacts towards relevant missions. However, concrete methods to accurately evaluate such impacts are rare. In this paper, we propose a probabilistic approach based on Bayesian networks for quantitative mission impact assessment. A System Object Dependency Graph (SODG) is first built to capture the intrusion propagation process at the low operating system level. On top of the SODG, a mission-task-asset (MTA) map can be established to associate the system objects with corresponding tasks and missions. Based on the MTA map, a Bayesian network can be constructed to leverage the collected intrusion evidence and infer the probabilities of tasks and missions being tainted. This approach is promising for effective quantitative mission impact assessment.

References

[1]

Gabriel Jakobson. Mission Cyber Security Situation Assessment Using Impact Dependency Graphs.

[2]

Jun Dai, Xiaoyan Sun, Peng Liu, Nicklaus Giacobe. Gaining Big Picture Awareness through an Interconnected Cross-layer Situation Knowledge Reference Model. 2012 ASE International Conference on Cyber Security, Washington DC, 2012

Digital Library

[3]

Tripwire. http://www.tripwire.com/.

[4]

Snort. https://www.snort.org/.

[5]

Tcpdump. http://www.tcpdump.org/.

[6]

S. T. King, and P. M. Chen. Backtracking intrusions. ACM SIGOPS, 2003.

Digital Library

[7]

X. Xiong, X. Jia, and P. Liu. Shelf: Preserving business continuity and availability in an intrusion recovery system. ACSAC, 2009.

Digital Library

[8]

J. Dai, X. Sun, and P. Liu. Patrol: Revealing zero-day attack paths through network-wide system object dependencies. ESORICS, 2013.

[9]

A. Natarajan, P. Ning, Y. Liu, S. Jajodia, and S.E. Hutchinson. NSDMiner: Automated discovery of Network Service Dependencies. In Proceeding of IEEE International Conference on Computer Communications, 2012.

[10]

Barry Peddycord III, Peng Ning, and Sushil Jajodia. On the accurate identifi- cation of network service dependencies in distributed systems. In USENIX Association Proceedings of the 26th international conference on Large Installation System Administration: strategies, tools, and techniques, 2012.

Digital Library

[11]

Rodrigo Fonseca, George Porter, Randy H. Katz, Scott Shenker, and Ion Stoica. X-trace: A pervasive network tracing framework. In USENIX Association Proceedings of the 4th USENIX conference on Networked systems design and implementation, 2007.

Digital Library

[12]

Paul Barham, Richard Black, Moises Goldszmidt, Rebecca Isaacs, John MacCormick, Richard Mortier, and Aleksandr Simma. Constellation: automated discovery of service and host dependencies in networked systems. In TechReport MSR-TR-2008--67, 2008.

[13]

Jun Dai. Gaining Big Picture Awareness in Enterprise Cyber Security Defense. Ph.D. dissertation, 2014.

[14]

S. Musman, A. Temin, M. Tanner, D. Fox, and B. Pridemore. Evaluating the Impact of Cyber Attacks on Missions. MITRE Technical Paper 09--4577, July 2010.

[15]

Alberts C., et al. (2005). Mission Assurance Analysis Protocol (MAAP): Assessing Risk in Complex Environments. Carnegie Mellon University/SEI-2005-TN-032. Pittsburgh, PA: Carnegie Mellon University.

[16]

Watters J., et al. (2009). The Risk-to-Mission Assessment Process (RiskMAP): A Sensitivity Analysis and an Extension to Treat Confidentiality Issues.

[17]

P. Xie, J. H. Li, X. Ou, P. Liu, and R. Levy. Using Bayesian networks for cyber security analysis. DSN, 2010.

[18]

X. Ou, W. F. Boyer, and M. A. McQueen. A scalable approach to attack graph generation. ACM CCS, 2006.

Digital Library

[19]

X. Ou, S. Govindavajhala, and A. W. Appel. MulVAL: A Logic-based Network Security Analyzer. USENIX security, 2005.

Digital Library

[20]

Xiaoyan Sun, Jun Dai, Anoop Singhal, Peng Liu. Inferring the Stealthy Bridges between Enterprise Network Islands in Cloud Using Cross-Layer Bayesian Networks 10th International Conference on Security and Privacy in Communication Networks (SecureComm 2014), Beijing, China

[21]

M. Fong, P. Porras, and A. Valdes. A Mission- Impact-Based Approach to INFOSEC Alarm Correlation. Proceedings Recent Advances in Intrusion Detection. Zurich, Switzerland, October 2002.

Digital Library

Cited By

Yoon HReddy Thukkaraju AMatsumoto SFerrari JLee DAhn MCosta PCho J(2024)iMIA: Interdependent Mission Impact Assessment Using Subjective Bayesian NetworksNOMS 2024-2024 IEEE Network Operations and Management Symposium10.1109/NOMS59830.2024.10575273(1-7)Online publication date: 6-May-2024
https://doi.org/10.1109/NOMS59830.2024.10575273
Sadlek LČeleda P(2024)Cyber Key Terrain Identification Using Adjusted PageRank CentralityICT Systems Security and Privacy Protection10.1007/978-3-031-56326-3_21(293-306)Online publication date: 24-Apr-2024
https://doi.org/10.1007/978-3-031-56326-3_21
Carvalho OApolinário FEscravana NRibeiro CHong JBures MPark JCerny T(2022)CIIAProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3507313(124-132)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3477314.3507313
Show More Cited By

Index Terms

Who Touched My Mission: Towards Probabilistic Mission Impact Assessment
1. Security and privacy

Recommendations

Improving the cyber incident mission impact assessment (CIMIA) process
CSIIRW '08: Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges ahead

Despite our best efforts to secure our cyberspace; we inevitably experience incidents in the cyber domain which result in the loss of the confidentiality, integrity, or availability of a cyber resource. When a cyber incident occurs, we must quickly and ...
Flight mission scenario generation with knowledge-based system
IEA/AIE '88: Proceedings of the 1st international conference on Industrial and engineering applications of artificial intelligence and expert systems - Volume 1

ScenGen (FLIGHT MISSION ScenARIO GenERATOR) is a prototype knowledge based system being developed at Boeing for the Flight Crew Operations Requirements Group. The main objective of ScenGen is to provide a system which utilizes the tools and problem ...
Voyager mission telecommunication firsts

The communications firsts of the National Aeronautics and Space Administration (NASA) Voyager mission are discussed. These include achievements in radio telemetry with regard to distance, the spacecraft hardware, and the earth-based part of the system. ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SafeConfig '15: Proceedings of the 2015 Workshop on Automated Decision Making for Active Cyber Defense

October 2015

112 pages

ISBN:9781450338219

DOI:10.1145/2809826

Program Chairs:
Ehab Al-Shaer
University of North Carolina at Charlotte, USA
,
Christopher Oehmen
Pacific Northwest National Laboratory, USA
,
Mohammad Ashiqur Rahman
Tennessee Tech University, USA

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 October 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

CCS'15

Sponsor:

SIGSAC

CCS'15: The 22nd ACM Conference on Computer and Communications Security

October 12, 2015

Colorado, Denver, USA

Acceptance Rates

SafeConfig '15 Paper Acceptance Rate 8 of 27 submissions, 30%;

Overall Acceptance Rate 22 of 61 submissions, 36%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
475
Total Downloads

Downloads (Last 12 months)73
Downloads (Last 6 weeks)10

Reflects downloads up to 05 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Yoon HReddy Thukkaraju AMatsumoto SFerrari JLee DAhn MCosta PCho J(2024)iMIA: Interdependent Mission Impact Assessment Using Subjective Bayesian NetworksNOMS 2024-2024 IEEE Network Operations and Management Symposium10.1109/NOMS59830.2024.10575273(1-7)Online publication date: 6-May-2024
https://doi.org/10.1109/NOMS59830.2024.10575273
Sadlek LČeleda P(2024)Cyber Key Terrain Identification Using Adjusted PageRank CentralityICT Systems Security and Privacy Protection10.1007/978-3-031-56326-3_21(293-306)Online publication date: 24-Apr-2024
https://doi.org/10.1007/978-3-031-56326-3_21
Carvalho OApolinário FEscravana NRibeiro CHong JBures MPark JCerny T(2022)CIIAProceedings of the 37th ACM/SIGAPP Symposium on Applied Computing10.1145/3477314.3507313(124-132)Online publication date: 25-Apr-2022
https://dl.acm.org/doi/10.1145/3477314.3507313
Javorník MHusák M(2022)Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack GraphEngineering Reports10.1002/eng2.125384:12Online publication date: 9-Jun-2022
https://doi.org/10.1002/eng2.12538
Köpke CSrivastava KKönig LMiller NFehling-Kaschek MBurke KMangini MPraça ICanito ACarvalho OApolinário FEscravana NCarstengerdes NStelkens-Kobsch T(2021)Impact Propagation in Airport SystemsCyber-Physical Security for Critical Infrastructures Protection10.1007/978-3-030-69781-5_13(191-206)Online publication date: 18-Feb-2021
https://doi.org/10.1007/978-3-030-69781-5_13
Shim SYoon J(2019)A New Bayesian Approach to Exploring Damaged Assets by Monitoring Mission Failures Caused by Undetected AttackG Protein-Coupled Receptor Signaling10.1007/978-3-030-17982-3_15(185-196)Online publication date: 12-Apr-2019
https://doi.org/10.1007/978-3-030-17982-3_15
Silva FJacob P(2018)Mission-Centric Risk Assessment to Improve Cyber Situational AwarenessProceedings of the 13th International Conference on Availability, Reliability and Security10.1145/3230833.3233281(1-8)Online publication date: 27-Aug-2018
https://dl.acm.org/doi/10.1145/3230833.3233281
Cao CYuan LSinghal ALiu PSun XZhu S(2018)Assessing Attack Impact on Business Processes by Interconnecting Attack Graphs and Entity Dependency GraphsData and Applications Security and Privacy XXXII10.1007/978-3-319-95729-6_21(330-348)Online publication date: 10-Jul-2018
https://doi.org/10.1007/978-3-319-95729-6_21

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents