Intelligent Decision Support for Cybersecurity Incident Response Teams: Autonomic Architecture and Mitigation Search

Correa, Camilo; Robin, Jacques; Mazo, Raúl; Abreu, Salvador

doi:10.1007/978-3-031-02067-4_6

Cited by 3 publications

(5 citation statements)

References 34 publications

(25 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We were inspired by these works in the creation of our own mission decomposition model presented in our earlier paper 4 . The model used in our work uses the AND/OR notation and is based on the constraint satisfaction problem 17,20,24,25 . The difference between our approach and the related work is that we do not consider mission capacity; functional requirements, that is, constraints, are a binary matter.…”

Section: Related Workmentioning

confidence: 99%

“…However, the paper's main contribution is a proposed stochastic optimization model to handle uncertainties in breach probability estimation. Correa et al 25 optimized the selection of countermeasures at runtime, formalized the attack mitigation search task as a constraint optimization problem, and proposed an autonomic computing architecture including a precise set of technologies for each of its components to mitigate suspected ongoing cyber attacks.…”

Section: Related Workmentioning

confidence: 99%

“…4 The model used in our work uses the AND/OR notation and is based on the constraint satisfaction problem. 17,20,24,25 The difference between our approach and the related work is that we do not consider mission capacity; functional requirements, that is, constraints, are a binary matter. The logic of the model used in our work allows selecting the most resilient configuration among all feasible ones, that is, to derive a Bayesian network of associated privileges including both critical targets and likely attacker positions and to calculate the resilience of the configuration.…”

Section: Mission-centric Cybersecuritymentioning

confidence: 99%

See 2 more Smart Citations

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Javorník

Husák

2022

Engineering Reports

View full text Add to dashboard Cite

We present an approach to decision support in cybersecurity with respect to cyber threats and stakeholders' requirements. We approach situations in which cybersecurity experts need to take actions to mitigate the risks, such as temporarily putting an IT system out of operation, but need to consult them with other stakeholders. We propose a decision support system that uses a mission decomposition model representing the organization's functional and security requirements on its IT infrastructure. Based on the cybersecurity state assessment, that is, discovery of vulnerabilities and attacker's position, the decision support system calculates the resilience metrics for each IT infrastructure's configuration, that is, how likely are they to not be disrupted. The calculation is enabled by two novel formal models, Privilege-Exploit Attack Graph and Bayesian Privilege Attack Graph, which reduce complex attack graphs into a comprehensible bipartite graph. Moreover, they illustrate the impact of exploiting the vulnerabilities and attackers gaining the privileges. The system recommends the most resilient mission configurations that are comprehensible to both cybersecurity experts and non-technical stakeholders, who may then choose which configuration to apply. Our approach is illustrated in a case study of a real-world medical information system.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Mission-centric Cybersecuritymentioning

confidence: 99%

See 1 more Smart Citation

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Javorník

Husák

2022

Engineering Reports

View full text Add to dashboard Cite

show abstract

“…The Cyber-Attack Runtime Mitigation Action Search (CAR-MAS) component is presented in detail in [34]. It takes as input from the Advanced Visualization Toolkit (AVT), a set of detected attack actions, each accompanied with the business loss that they would bring about if left unmitigated.…”

Section: Mitigation Engine -Sdn Controllermentioning

confidence: 99%

“…The COP builder takes as parameter a heuristic function to build a COP that tailors relevant general knowledge that its reuses from the ontology to the specific attack input description received from AVT. In [34], we show that such heuristically built COP can then be solved by the COP solver in a few seconds even for large coordinated attacks involving up to 10 attack actions targeting up to 15 network assets.…”

Section: Mitigation Engine -Sdn Controllermentioning

confidence: 99%

Cybersecurity for Industrial Internet of Things: Architecture, Models and Lessons Learned

et al. 2022

View full text Add to dashboard Cite

Modern industrial systems now, more than ever, require secure and efficient ways of communication. The trend of making connected, smart architectures is beginning to show in various fields of the industry such as manufacturing and logistics. The number of IoT (Internet of Things) devices used in such systems is naturally increasing and industry leaders want to define business processes which are reliable, reproducible, and can be effortlessly monitored. With the rise in number of connected industrial systems, the number of used IoT devices also grows and with that some challenges arise. Cybersecurity in these types of systems is crucial for their wide adoption. Without safety in communication and threat detection and prevention techniques, it can be very difficult to use smart, connected systems in the industry setting. In this paper we describe two real-world examples of such systems while focusing on our architectural choices and lessons learned. We demonstrate our vision for implementing a connected industrial system with secure data flow and threat detection and mitigation strategies on real-world data and IoT devices. While our system is not an off-the-shelf product, our architecture design and results show advantages of using technologies such as Deep Learning for threat detection and Blockchain enhanced communication in industrial IoT systems and how these technologies can be implemented. We demonstrate empirical results of various components of our system and also the performance of our system as-a-whole. INDEX TERMSAnomaly Detection, Blockchain, Cybersecurity, Deep Learning, Internet of Things I. INTRODUCTIONDespite the fact that the IIoT (Industrial Internet of Things) has a profound impact on many industry domains, a major barrier towards IIoT adoption lies in cybersecurity issues that make it extremely difficult to harness its full potential: IIoT systems dramatically increase the attack surface

show abstract

An Artificial Intelligence Framework for the Representation and Reuse of Cybersecurity Incident Resolution Knowledge

Guerra,

Barcelos,

Nunes

et al. 2023

12th Latin-American Symposium on Dependable and Secure Computing

View full text Add to dashboard Cite

Intelligent Decision Support for Cybersecurity Incident Response Teams: Autonomic Architecture and Mitigation Search

Cited by 3 publications

References 34 publications

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Mission‐centric decision support in cybersecurity via Bayesian Privilege Attack Graph

Cybersecurity for Industrial Internet of Things: Architecture, Models and Lessons Learned

An Artificial Intelligence Framework for the Representation and Reuse of Cybersecurity Incident Resolution Knowledge

Contact Info

Product

Resources

About