Computer attack modeling and security evaluation based on attack graphs
Main Authors: | , |
---|---|
Format: | Conference Proceeding |
Language: | English |
Summary: | The paper considers an approach to computer attack modeling and security evaluation that is proposed for implementation in advanced Security Information and Event Management (SIEM) systems. It is based on modeling malefactors' behavior, building a common attack graph, processing current alerts to adjust particular attack graphs in real time, calculating different security metrics, and providing security assessment procedures. The approach is intended to be implemented in the framework of the EU MASSIF project. The generalized architecture of the Attack Modeling and Security Evaluation Component (AMSEC), one of the main analytical components of SIEM systems, is outlined. The main components and techniques for attack modeling and security evaluation are defined. A prototype of the AMSEC is specified, and experiments with this prototype are analyzed. The prototype makes use of the scenario "Managed Enterprise Service Infrastructures". |
DOI: | 10.1109/IDAACS.2013.6662998 |