Choosing Models for Security Metrics Visualization

This paper aims at finding optimal visualization models for representation and analysis of security related data, for example, security metrics, security incidents and cyber attack countermeasures. The classification of the most important security metrics and their characteristics that are important for their visualization are considered. The paper reviews existing and suggested research by the author’s data representation and visualization models. In addition, the most suitable models for different metric groups are outlined and analyzed. A case study is presented as an illustration on the way the visualization models are integrated with different metrics for security awareness.

[1]  Anoop Singhal,et al.  Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs , 2011 .

[2]  Igor V. Kotenko,et al.  Visualization Model for Monitoring of Computer Networks Security Based on the Analogue of Voronoi Diagrams , 2016, CD-ARES.

[3]  Jeannette M. Wing,et al.  An Attack Surface Metric , 2011, IEEE Transactions on Software Engineering.

[4]  Michael Howard,et al.  Measuring Relative Attack Surfaces , 2005 .

[5]  Danny Holten,et al.  Hierarchical Edge Bundles: Visualization of Adjacency Relations in Hierarchical Data , 2006, IEEE Transactions on Visualization and Computer Graphics.

[6]  Igor V. Kotenko,et al.  Countermeasure Selection Based on the Attack and Service Dependency Graphs for Security Incident Management , 2015, CRiSIS.

[7]  Igor V. Kotenko,et al.  Methodological Primitives for Phased Construction of Data Visualization Models , 2015, J. Internet Serv. Inf. Secur..

[8]  Hervé Debar,et al.  Considering Internal Vulnerabilities and the Attacker's Knowledge to Model the Impact of Cyber Events as Geometrical Prisms , 2016, 2016 IEEE Trustcom/BigDataSE/ISPA.

[9]  Wes Sonnenreich,et al.  Return On Security Investment (ROSI) - A Practical Quantitative Modell , 2005, J. Res. Pract. Inf. Technol..

[10]  Hervé Debar,et al.  Selecting optimal countermeasures for attacks against critical systems using the attack volume model and the RORI index , 2015, Comput. Electr. Eng..

[11]  Gianluca Dini,et al.  A Simulation Tool for Evaluating Attack Impact in Cyber Physical Systems , 2014, MESAS.

[12]  Nora Cuppens-Boulahia,et al.  A Service Dependency Model for Cost-Sensitive Intrusion Response , 2010, ESORICS.

[13]  Deepa Kundur,et al.  Towards a Framework for Cyber Attack Impact Analysis of the Electric Smart Grid , 2010, 2010 First IEEE International Conference on Smart Grid Communications.

[14]  Hervé Debar,et al.  An n-Sided Polygonal Model to Calculate the Impact of Cyber Security Events , 2016, CRiSIS.

[15]  Igor V. Kotenko,et al.  Dynamical Calculation of Security Metrics for Countermeasure Selection in Computer Networks , 2016, 2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP).

[16]  Hervé Debar,et al.  Using a 3D Geometrical Model to Improve Accuracy in the Evaluation and Selection of Countermeasures Against Complex Cyber Attacks , 2015, SecureComm.

[17]  Mohamed Elhafiz Quantified Return on Information Security Investment - A Model for Cost-Benefit Analysis , 2016 .