TY - GEN
T1 - Individual countermeasure selection based on the return on response investment index
AU - Gonzalez Granadillo, Gustavo
AU - Débar, Hervé
AU - Jacob, Grégoire
AU - Gaber, Chrystel
AU - Achemlal, Mohammed
PY - 2012/1/1
Y1 - 2012/1/1
N2 - As the number of attacks, and thus the number of alerts received by Security Information and Event Management Systems (SIEMs) increases, the need for appropriate treatment of these alerts has become essential. The new generation of SIEMs focuses on the response ability to automate the process of selecting and deploying countermeasures. However, current response systems select and deploy security measures without performing a comprehensive impact analysis of attacks and response scenarios. This paper addresses this limitation by proposing a model for the automated selection of optimal security countermeasures. In addition, the paper compares previous mathematical models and studies their limitations, which lead to the creation of a new model that evaluates, ranks and selects optimal countermeasures. The model relies on the optimization of cost sensitive metrics based on the Return On Response Investment (RORI) index. The optimization compares the expected impact of the attacks when doing nothing with the expected impact after applying countermeasures. A case study of a real infrastructure is deployed at the end of the document to show the applicability of the model over a Mobile Money Transfer Service.
AB - As the number of attacks, and thus the number of alerts received by Security Information and Event Management Systems (SIEMs) increases, the need for appropriate treatment of these alerts has become essential. The new generation of SIEMs focuses on the response ability to automate the process of selecting and deploying countermeasures. However, current response systems select and deploy security measures without performing a comprehensive impact analysis of attacks and response scenarios. This paper addresses this limitation by proposing a model for the automated selection of optimal security countermeasures. In addition, the paper compares previous mathematical models and studies their limitations, which lead to the creation of a new model that evaluates, ranks and selects optimal countermeasures. The model relies on the optimization of cost sensitive metrics based on the Return On Response Investment (RORI) index. The optimization compares the expected impact of the attacks when doing nothing with the expected impact after applying countermeasures. A case study of a real infrastructure is deployed at the end of the document to show the applicability of the model over a Mobile Money Transfer Service.
KW - Countermeasure Selection
KW - Impact Analysis
KW - Mobile Money Transfer Service
KW - Return On Response Investment
KW - Risk Mitigation
U2 - 10.1007/978-3-642-33704-8_14
DO - 10.1007/978-3-642-33704-8_14
M3 - Conference contribution
AN - SCOPUS:84881163208
SN - 9783642337031
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 156
EP - 170
BT - 6th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, MMM-ACNS 2012, Proceedings
PB - Springer Verlag
T2 - 6th International Conference on Mathematical Methods, Models and Architectures for Computer Network Security, MMM-ACNS 2012
Y2 - 17 October 2012 through 19 October 2012
ER -