Attack Modelling and Security Evaluation for Security Information and Event Management

Igor Kotenko, Andrey Chechulin, Evgenia Novikova

2012

Abstract

The paper considers an approach to attack modelling in Security Information and Event Management (SIEM) systems. The suggested approach incorporates the use of service dependency graphs and zero-day vulnerabilities to produce an attack graph, the calculation of security metrics based on the attack graph and service dependencies, advanced any-time techniques for attack graph generation and security evaluation, and related elements.



Paper Citation


in Harvard Style

Kotenko I., Chechulin A. and Novikova E. (2012). Attack Modelling and Security Evaluation for Security Information and Event Management. In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012), ISBN 978-989-8565-24-2, pages 391-394. DOI: 10.5220/0004063403910394


in Bibtex Style

@conference{secrypt12,
author={Igor Kotenko and Andrey Chechulin and Evgenia Novikova},
title={Attack Modelling and Security Evaluation for Security Information and Event Management},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)},
year={2012},
pages={391-394},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004063403910394},
isbn={978-989-8565-24-2},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2012)
TI - Attack Modelling and Security Evaluation for Security Information and Event Management
SN - 978-989-8565-24-2
AU - Kotenko I.
AU - Chechulin A.
AU - Novikova E.
PY - 2012
SP - 391
EP - 394
DO - 10.5220/0004063403910394