DOI: 10.1145/3339252.3340522
research-article

Decision Support for Mission-Centric Cyber Defence

Published: 26 August 2019

Abstract

In this paper, we propose a novel approach to enterprise mission modeling and mission-centric decision support for cybersecurity operations. The goal of the decision support analytical process is to suggest an effective response to an ongoing attack that endangers established mission security requirements. First, we propose an enterprise mission decomposition model to represent the confidentiality, integrity, and availability requirements of the missions' processes and components. The model is illustrated in a real-world scenario of a medical information system. Second, we propose an analytical process that calculates mission resilience metrics using attack graphs and Bayesian network reasoning. The process is designed to help cybersecurity operations teams understand the complexity of a situation and make decisions with respect to the requirements on enterprise missions.

Published In

ARES '19: Proceedings of the 14th International Conference on Availability, Reliability and Security
August 2019
979 pages
ISBN:9781450371643
DOI:10.1145/3339252
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. Attack graph
  2. Bayesian network
  3. Cyber situational awareness
  4. Decision support
  5. Mission resilience

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Conference

ARES '19

Acceptance Rates

Overall Acceptance Rate 228 of 451 submissions, 51%
