Dynamic Recalculation of Security Metrics Using Attack Potential Determination as an Example
Keywords:
cybersecurity, security metrics, risk assessment, attack graphs, service dependency graphs
Abstract
Information risk analysis and the calculation of security metrics are important tasks for Security Information and Event Management (SIEM) systems. They make it possible to determine the current security situation and the countermeasures that are needed. This article considers a technique for calculating security metrics in near real time and demonstrates its application using the recalculation of attack potential as an example.
Published
2013-12-01
How to Cite
Kotenko, I. V., Doynikova, E. V., & Chechulin, A. A. (2013). Dynamic Recalculation of Security Metrics Using Attack Potential Determination as an Example. SPIIRAS Proceedings, 7(30), 26-39. https://doi.org/10.15622/sp.30.2
Section
Articles
Authors who publish in this journal agree to the following terms:
Authors retain copyright to their work and grant the journal the right of first publication, with the work simultaneously licensed under a Creative Commons Attribution License that allows others to distribute the work provided that its authorship and the original publication in this journal are acknowledged.
Authors retain the right to enter into separate, additional contractual arrangements for the non-exclusive distribution of the version of the work published by this journal (for example, depositing it in a university repository or publishing it in a book), with a reference to the original publication in this journal.
Authors are permitted to post their work online (for example, in a university repository or on their personal website) before and during the journal's review process, as this can lead to productive discussion as well as to a greater number of citations of the published work (see The Effect of Open Access).