TY - GEN
T1 - Combination approach to select optimal countermeasures based on the RORI index
AU - Granadillo, Gustavo Gonzalez
AU - Jacob, Greagoire
AU - Debar, Herve
AU - Coppolino, Luigi
PY - 2012/12/1
Y1 - 2012/12/1
N2 - As new and more sophisticated computer attacks appear across the Internet, sometimes with unknown dimensions and criticality, the implementation of individual security solutions become less effective and in some cases useless. Instead, a combined approach is required to guarantee an appropriate and cost-effective mitigation of such attacks. Most of the current work suggests the deployment of multiple countermeasures as a single treatment to mitigate the effects of complex attacks. However, the methodology to analyze and evaluate combined solutions is either hardly explained or very complicated to implement. This paper, therefore proposes a simple and well-structured approach to select the optimal combination of countermeasures by maximizing the cost-effectiveness ratio of the countermeasures, this ratio being measured by the Return on Response Investment (RORI) index. A case study is provided at the end of the document to show the applicability of the model over a critical infrastructure process control.
AB - As new and more sophisticated computer attacks appear across the Internet, sometimes with unknown dimensions and criticality, the implementation of individual security solutions become less effective and in some cases useless. Instead, a combined approach is required to guarantee an appropriate and cost-effective mitigation of such attacks. Most of the current work suggests the deployment of multiple countermeasures as a single treatment to mitigate the effects of complex attacks. However, the methodology to analyze and evaluate combined solutions is either hardly explained or very complicated to implement. This paper, therefore proposes a simple and well-structured approach to select the optimal combination of countermeasures by maximizing the cost-effectiveness ratio of the countermeasures, this ratio being measured by the Return on Response Investment (RORI) index. A case study is provided at the end of the document to show the applicability of the model over a critical infrastructure process control.
UR - https://www.scopus.com/pages/publications/84874458030
U2 - 10.1109/INTECH.2012.6457801
DO - 10.1109/INTECH.2012.6457801
M3 - Conference contribution
AN - SCOPUS:84874458030
SN - 9781467326780
T3 - 2nd International Conference on Innovative Computing Technology, INTECH 2012
SP - 38
EP - 45
BT - 2nd International Conference on Innovative Computing Technology, INTECH 2012
T2 - 2nd International Conference on the Innovative Computing Technology, INTECH 2012
Y2 - 18 September 2012 through 20 September 2012
ER -