CVSS-based Probabilistic Risk Assessment for Cyber Situational Awareness and Countermeasure Selection

The paper suggests several techniques for computer network risk assessment based on Common Vulnerability Scoring System (CVSS) and attack modeling. Techniques use a set of integrated security metrics and consider input data from security information and event management (SIEM) systems. Risk assessment techniques differ according to the used input data. They allow to get risk assessment considering requirements to the accuracy and efficiency. Input data includes network characteristics, attacks, attacker characteristics, security events and countermeasures. The tool that implements these techniques is presented. Experiments demonstrate operation of the techniques for different security situations.

[1]  Indrajit Ray,et al.  Dynamic Security Risk Management Using Bayesian Attack Graphs , 2012, IEEE Transactions on Dependable and Secure Computing.

[2]  Igor V. Kotenko,et al.  The CAPEC based generator of attack scenarios for network security evaluation , 2015, 2015 IEEE 8th International Conference on Intelligent Data Acquisition and Advanced Computing Systems: Technology and Applications (IDAACS).

[3]  Yancheng Wang,et al.  A Novel Comprehensive Network Security Assessment Approach , 2011, 2011 IEEE International Conference on Communications (ICC).

[4]  Jeannette M. Wing,et al.  An Attack Surface Metric , 2011, IEEE Transactions on Software Engineering.

[5]  Marco Cremonini,et al.  Evaluating Information Security Investments from Attackers Perspective: the Return-On-Attack (ROA) , 2005, WEIS.

[6]  Eugene H. Spafford,et al.  Automated adaptive intrusion containment in systems of interacting services , 2007, Comput. Networks.

[7]  Nora Cuppens-Boulahia,et al.  A Service Dependency Model for Cost-Sensitive Intrusion Response , 2010, ESORICS.

[8]  Igor V. Kotenko,et al.  Security metrics for risk assessment of distributed information systems , 2013, 2013 IEEE 7th International Conference on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS).

[9]  Sushil Jajodia,et al.  Measuring network security using dynamic bayesian network , 2008, QoP '08.

[10]  Igor V. Kotenko,et al.  Security Assessment of Computer Networks Based on Attack Graphs and Security Events , 2014, ICT-EurAsia.

[11]  Anoop Singhal,et al.  Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs , 2011 .