TY - GEN
T1 - A pyramidal-based model to compute the impact of cyber security events
AU - Gonzalez-Granadillo, Gustavo
AU - Rubio-Hernan, Jose
AU - Garcia-Alfaro, Joaquin
N1 - Publisher Copyright:
© 2018 Association for Computing Machinery.
PY - 2018/8/27
Y1 - 2018/8/27
N2 - This paper presents a geometrical model that projects malicious and benign events (e.g., attacks, security countermeasures) as pyramidal instances in a multidimensional coordinate system. The approach considers internal event data related to the target system (e.g., users, physical, and logical resources, IP addresses, port numbers, etc.), and external event data related to the attacker (e.g., knowledge, motivation, skills, etc.) that can be obtained a priori and a posteriori. Internal data is used to model the base of the pyramid, whereas external data is used to model its height. In addition, the approach considers state transitions taken by the attacker to model the steps of a multi-stage attack to reach its final goal. As a result, for each modeled state, new countermeasures are evaluated and the attacker's knowledge a posteriori changes accordingly, making it possible to evaluate the impact of the attack at time Ti, where i denotes the stage at which the attack is executed. A graphical representation of the impact of each evaluated event is depicted for visualization purposes. A use case of a cyber-physical system is proposed at the end of the paper to illustrate the applicability of the proposed geometrical model.
KW - Countermeasure selection
KW - Decision support tool
KW - Event impact representation
KW - Geometrical model
KW - Pyramidal model
KW - Visualization
U2 - 10.1145/3230833.3230847
DO - 10.1145/3230833.3230847
M3 - Conference contribution
AN - SCOPUS:85055276584
T3 - ACM International Conference Proceeding Series
BT - ARES 2018 - 13th International Conference on Availability, Reliability and Security
PB - Association for Computing Machinery
T2 - 13th International Conference on Availability, Reliability and Security, ARES 2018
Y2 - 27 August 2018 through 30 August 2018
ER -