Individual Countermeasure Selection Based on the Return On Response Investment Index

As the number of attacks, and with it the number of alerts received by Security Information and Event Management systems (SIEMs), increases, appropriate treatment of these alerts has become essential. The new generation of SIEMs focuses on response capability, automating the process of selecting and deploying countermeasures. However, current response systems select and deploy security measures without performing a comprehensive impact analysis of the attacks and the response scenarios. This paper addresses this limitation by proposing a model for the automated selection of optimal security countermeasures. In addition, the paper compares previous mathematical models and studies their limitations, which led to the creation of a new model that evaluates, ranks and selects optimal countermeasures. The model relies on the optimization of cost-sensitive metrics based on the Return On Response Investment (RORI) index. The optimization compares the expected impact of the attacks when doing nothing with the expected impact after applying countermeasures. A case study of a real infrastructure is presented at the end of the paper to show the applicability of the model to a Mobile Money Transfer Service.
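The abstract describes the RORI comparison (expected impact with no response versus after a countermeasure) but does not state the index's formula. The following Python example is added here and is not code from the paper; it uses the RORI definition from the published RORI literature, RORI = ((ALE × RM) − ARC) / (ARC + AIV) × 100 (annual loss expectancy, risk mitigation, annual response cost, annual infrastructure value), which is an assumption about the paper's exact formulation. The countermeasure names and all figures are constructed for a hypothetical money-transfer service and carry no meaning beyond the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Countermeasure:
    name: str
    risk_mitigation: float      # RM: fraction of the attack's expected loss removed, in [0, 1]
    annual_response_cost: float  # ARC: cost to deploy and operate it, same units as ALE


# "Do nothing" is itself a candidate: RM = 0 and ARC = 0, so its RORI is always 0.
NO_RESPONSE = Countermeasure("no response", 0.0, 0.0)


def rori(ale: float, cm: Countermeasure, aiv: float) -> float:
    """Return On Response Investment, in percent.

    RORI = ((ALE * RM) - ARC) / (ARC + AIV) * 100   (assumed formula, see lead-in)

    ale: annual loss expectancy of the attack if nothing is done.
    aiv: annual infrastructure value; it keeps the denominator positive so the
         zero-cost 'no response' option can be evaluated alongside the others.
    """
    if aiv <= 0:
        raise ValueError("annual infrastructure value must be positive")
    if not 0.0 <= cm.risk_mitigation <= 1.0:
        raise ValueError(f"risk mitigation for {cm.name!r} must lie in [0, 1]")
    benefit = ale * cm.risk_mitigation - cm.annual_response_cost
    return benefit / (cm.annual_response_cost + aiv) * 100.0


def rank_countermeasures(ale: float, candidates: list[Countermeasure], aiv: float) -> list[tuple[str, float]]:
    """Score every candidate plus 'no response' and return (name, RORI%) sorted best first."""
    scored = [(cm.name, round(rori(ale, cm, aiv), 2)) for cm in (NO_RESPONSE, *candidates)]
    return sorted(scored, key=lambda t: t[1], reverse=True)


def select_optimal(ale: float, candidates: list[Countermeasure], aiv: float) -> str:
    """Pick the highest-RORI option; anything that does not beat 'no response' loses to it."""
    best_name, best_score = rank_countermeasures(ale, candidates, aiv)[0]
    return best_name if best_score > 0.0 else NO_RESPONSE.name


# Constructed scenario: a fraud campaign against a hypothetical money-transfer service.
SAMPLE_ALE = 50_000.0   # expected yearly loss from the attack if ignored
SAMPLE_AIV = 200_000.0  # yearly value of the affected infrastructure
SAMPLE_CANDIDATES = [
    Countermeasure("block source IP at firewall", risk_mitigation=0.6, annual_response_cost=5_000.0),
    Countermeasure("rate-limit transfers", risk_mitigation=0.8, annual_response_cost=30_000.0),
    Countermeasure("suspend service", risk_mitigation=1.0, annual_response_cost=80_000.0),
]

if __name__ == "__main__":
    for name, score in rank_countermeasures(SAMPLE_ALE, SAMPLE_CANDIDATES, SAMPLE_AIV):
        print(f"{score:8.2f}%  {name}")
    print("selected:", select_optimal(SAMPLE_ALE, SAMPLE_CANDIDATES, SAMPLE_AIV))
```

The "suspend service" option removes all of the attack's impact yet ranks below doing nothing, because its response cost exceeds the loss it prevents; this is the point of evaluating countermeasures against the do-nothing baseline rather than by mitigation strength alone.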
