A collaborative approach for national cybersecurity incident management

Purpose: Collaborative national cybersecurity incident management benefits from the large volume of incident information, the large number of information security devices and the pooling of security skills that collaboration makes available. However, no existing collaborative approach caters for the multiple regulators, divergent incident views and incident-reputation trust issues that national cybersecurity incident management presents. This paper aims to propose a collaborative approach that handles these issues cost-effectively.

Design/methodology/approach: A collaborative national cybersecurity incident management architecture based on the ITU-T X.1056 security incident management framework is proposed. It is composed of a cooperative regulatory unit, with cooperative and third-party management strategies, and an execution unit, with incident handling and response strategies. Novel collaborative incident prioritization and mitigation planning models suited to incident handling in national cybersecurity incident management are proposed.

Findings: A use case depicting how collaborative national cybersecurity incident management would function within a typical information and communication technology ecosystem is illustrated. The proposed collaborative approach is evaluated on the performance of an experimental cyber-incident management system against two multistage attack scenarios. Based on descriptive statistics, the results show that the proposed approach is more reliable than the existing ones.

Originality/value: The approach produces better incident impact scores and rankings than standard tools. It reduces the total response costs by 8.33% and the false positive rate by 97.20% for the first attack scenario, and reduces the total response costs by 26.67% and the false positive rate by 78.83% for the second attack scenario.
