Using an Event Data Taxonomy to Represent the Impact of Cyber Events as Geometrical Instances

Visualization and simulation models used for the evaluation and selection of security countermeasures need accurate data to compute the impact of cyber events (e.g., malicious and benign actions). The information required to build appropriate impact models depends directly on the nature of the system. The information handled by water supply systems, for instance, is particularly different from the information obtained by energy, telecommunication, transportation, or finance systems. It is, therefore, important to properly classify the data of security events according to the nature of the system. This paper proposes an event data taxonomy based on the system's criticality, the geographical location of the target, the time at which the information is obtained by the attacker, and the nature of the data. A use case on the impact assessment of events originating in a critical infrastructure is presented to show the applicability of the proposed taxonomy.
