Identifying cyber risk hotspots: A framework for measuring temporal variance in computer network risk

Modern computer networks generate a significant volume of behavioural system logs on a daily basis. Such networks comprise many computers with Internet connectivity, and many users who access the Web and utilise Cloud services, often from numerous devices connected to the network on an ad-hoc basis. Measuring the risk of cyber attacks and identifying the most recent modus operandi of cyber criminals on large computer networks can be difficult because of the wide range of services and applications running within the network, the multiple vulnerabilities associated with each application, the severity associated with each vulnerability, and the ever-changing attack vectors of cyber criminals. In this paper we propose a framework to represent these features, enabling real-time network enumeration and traffic analysis to be carried out in order to produce quantified measures of risk at specific points in time. We validate the approach using data from a University network, with a data collection consisting of 462,787 instances representing threats measured over a 144 hour period. Our analysis can be generalised to a variety of other contexts.
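As an added illustration of the kind of time-indexed risk measure the abstract describes (this is not the paper's own method or code), the following Python script aggregates constructed threat instances into hourly, per-service severity-weighted scores and flags hours whose total risk stands out from the rest of the series. The severity weighting, the hourly bucketing and the mean-plus-k-standard-deviations hotspot rule are all assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample threat instances: (timestamp, host, service, severity 1-10).
# Neither the data nor the scoring scheme below comes from the paper.
SAMPLE_THREATS = [
    ("2024-01-01T00:10:00", "web-01", "http", 3),
    ("2024-01-01T00:40:00", "web-01", "http", 2),
    ("2024-01-01T01:05:00", "db-01", "mysql", 5),
    ("2024-01-01T02:15:00", "web-02", "http", 1),
    ("2024-01-01T03:00:00", "web-01", "http", 9),
    ("2024-01-01T03:20:00", "web-01", "ssh", 8),
    ("2024-01-01T03:45:00", "db-01", "mysql", 7),
    ("2024-01-01T04:30:00", "web-02", "http", 2),
    ("2024-01-01T05:10:00", "db-01", "mysql", 1),
]


def hourly_risk(threats):
    """Sum severities per (hour, service); hour keys are 'YYYY-MM-DDTHH:00' strings."""
    scores = defaultdict(lambda: defaultdict(float))
    for ts, _host, service, severity in threats:
        hour = datetime.fromisoformat(ts).strftime("%Y-%m-%dT%H:00")
        scores[hour][service] += severity
    return scores


def total_per_hour(scores):
    """Collapse the per-service scores into one risk value per hour."""
    return {hour: sum(by_service.values()) for hour, by_service in scores.items()}


def hotspots(totals, k=1.0):
    """Hours whose total risk exceeds mean + k * population std-dev of the series (assumed rule)."""
    values = list(totals.values())
    mu, sigma = mean(values), pstdev(values)
    return sorted(hour for hour, value in totals.items() if value > mu + k * sigma)


def dominant_service(scores, hour):
    """Service contributing the largest share of risk in the given hour."""
    return max(scores[hour].items(), key=lambda item: item[1])[0]


if __name__ == "__main__":
    per_hour = hourly_risk(SAMPLE_THREATS)
    totals = total_per_hour(per_hour)
    for hour in hotspots(totals):
        print(f"hotspot {hour}: risk={totals[hour]:.0f}, top service={dominant_service(per_hour, hour)}")
```

On the constructed sample the 03:00 hour (total 24 against a series mean of about 6.3) is the only hotspot, and HTTP is its dominant service; with 144 hourly buckets, as in the paper's data collection, the same rule yields a per-hour view of where risk concentrates.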
