Stateful RORI-based countermeasure selection using hypergraphs

Cost-sensitive metrics have been widely used during the past years as financial metrics that quantify the monetary costs and benefits of security investments, assess risks, and select countermeasures accordingly. However, due to the complexity of current attacks, and the level of dynamicity required in the estimation of the parameters composing the metrics, the use of a novel approach that considers restrictions, inter-dependency, as well as, the previous and current state at which the system is exposed to, is required. We propose in this article a Stateful Return on Response Investment (denoted by StRORI) that uses hypergraphs to model actions that have been previously deployed (e.g., at state ST₀) while the current state of the system (e.g., ST₁) is under analysis. As a result, StRORI is a dynamic tool that considers the changes of the system in terms of number of active devices, previously deployed countermeasures, the cost of adding a new countermeasure or suppressing a previously deployed one, and the effectiveness of a group of security measures due to the implementation of a given action. A case study is presented about the integration of the StRORI index with hypergraph models to assess countermeasures against cyber attacks.