Framework for risk assessment in cyber situational awareness

Traditional detection and prevention measures generate a large volume of data to help network analysts evaluate the security situation of a network, but this data is not used fully or effectively, and no holistic view of the network situation is currently built from it. To address this issue, a framework is proposed that evaluates the security situation of the network along three dimensions, threat, vulnerability and stability, and merges the per-dimension results at the decision level to produce a measure of the security situation of the network as a whole. In the case studies, the authors demonstrate how the framework is deployed in a network and how it is used to reflect the security situation of the network in real time. The results of the case study show that the framework evaluates the security situation of the network accurately and reasonably.

http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2018.5189