Determining Asset Criticality for Cyber Defense

Abstract: Current cyber network defense practices lack a standard methodology to properly determine event priority. Events are generally handled on a first-come, first-served basis. Some limited knowledge of target assets is applied, but in a non-standard manner based on the decision-maker's domain-specific knowledge. This not only requires proficient domain expertise, but is also very manpower-intensive. We need an asset criticality metric that enables users to address events that target critical assets first. Determining asset criticality is not a trivial problem. The various contributing factors must be identified and combined. Hierarchical missions and the commands that they support must be considered. Dependency relationships should also be factored in. In this paper, we report our ongoing research for determining asset criticality.
