
2018 | Original Paper | Book chapter

Cyber Security Decision Support for Remediation in Automated Computer Network Defence

Abstract

In making important cyber security course of action (COA) decisions, experts mostly use their knowledge and experience to collate and synthesise information from multiple, sometimes conflicting, sources such as continually evolving cyber security tools. Such a decision-making process is resource intensive and can produce inconsistencies arising from experts' subjective interpretations of how to address the network's security risks. The push towards automated computer network defence (CND) systems requires autonomous decision-making and recommendation approaches for network security remediation. In this work we present such a novel approach, a TOPSIS-based multi-attribute decision-making COA selection technique. Using a survey of experts, we show that human experts' decisions are indeed inconsistent even when they are given the same information. We then present our decision-making approach, which considers multiple COA selection factors in an operational environment and implements a multi-objective selection method that provides network defenders with the best actionable COAs for an automated CND system. Our results show a consistency that is unmatched by human experts.
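The abstract names TOPSIS as the multi-attribute method behind the COA ranking but does not show the computation. The following is an added example, not code from the chapter or its author: it implements standard TOPSIS (vector normalisation, weighting, positive and negative ideal solutions, Euclidean distances, relative closeness) and applies it to a small, constructed set of remediation COAs. The COA names, the three selection attributes, their weights and all scores are assumptions chosen for illustration; the chapter's own attribute set and weights are not reproduced here.

```python
"""TOPSIS ranking of candidate courses of action (COAs).

Added example, not code from the chapter. Every alternative, attribute,
score and weight below is constructed for illustration only.
"""
from __future__ import annotations

import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Criterion:
    name: str
    weight: float
    benefit: bool  # True: higher is better; False: lower is better (a cost)


def topsis(alternatives: dict[str, list[float]], criteria: list[Criterion]) -> dict[str, float]:
    """Return the TOPSIS relative closeness (0..1, higher is better) per alternative."""
    names = list(alternatives)
    matrix = [alternatives[n] for n in names]
    n_crit = len(criteria)
    if any(len(row) != n_crit for row in matrix):
        raise ValueError("every alternative needs one score per criterion")
    total_w = sum(c.weight for c in criteria)
    if total_w <= 0 or any(c.weight < 0 for c in criteria):
        raise ValueError("weights must be non-negative and not all zero")
    weights = [c.weight / total_w for c in criteria]  # rescale so they sum to 1

    # Step 1: vector normalisation per column. A column that is all zeros would
    # divide by zero; it carries no information, so it is left as zeros.
    norms = [math.sqrt(sum(row[j] ** 2 for row in matrix)) or 1.0 for j in range(n_crit)]
    # Step 2: weighted normalised decision matrix.
    v = [[weights[j] * row[j] / norms[j] for j in range(n_crit)] for row in matrix]

    # Step 3: positive ideal (best value per criterion) and negative ideal (worst).
    a_pos, a_neg = [], []
    for j, c in enumerate(criteria):
        col = [row[j] for row in v]
        a_pos.append(max(col) if c.benefit else min(col))
        a_neg.append(min(col) if c.benefit else max(col))

    # Steps 4 and 5: Euclidean distance to each ideal, then relative closeness.
    result: dict[str, float] = {}
    for name, row in zip(names, v):
        d_pos = math.dist(row, a_pos)
        d_neg = math.dist(row, a_neg)
        # If every alternative is identical both distances are 0 and closeness is
        # undefined; report 0.0 so nothing is preferred on no evidence.
        result[name] = d_neg / (d_pos + d_neg) if (d_pos + d_neg) > 0 else 0.0
    return result


def rank(closeness: dict[str, float]) -> list[str]:
    """Alternatives ordered from most to least preferred."""
    return sorted(closeness, key=lambda n: closeness[n], reverse=True)


# Constructed selection attributes (assumed, not the chapter's): how much risk a COA
# removes, what it costs to carry out, and how much service disruption it causes.
SAMPLE_CRITERIA = [
    Criterion("risk_reduction", 0.5, benefit=True),
    Criterion("implementation_cost", 0.3, benefit=False),
    Criterion("service_disruption", 0.2, benefit=False),
]

# Constructed candidate COAs for one hypothetical vulnerable host.
SAMPLE_COAS = {
    "patch_host": [0.9, 3.0, 2.0],
    "isolate_host": [0.8, 1.0, 5.0],
    "firewall_block": [0.6, 1.0, 1.0],
    "monitor_only": [0.2, 1.0, 0.0],
}


def sample_coa_closeness() -> dict[str, float]:
    """Closeness coefficients for the constructed COA set above."""
    return topsis(SAMPLE_COAS, SAMPLE_CRITERIA)


if __name__ == "__main__":
    scores = sample_coa_closeness()
    for coa in rank(scores):
        print(f"{coa:15s} closeness={scores[coa]:.3f}")
```

With these constructed weights the firewall block ranks first (high risk reduction at low cost and disruption) and monitoring alone ranks last; patching and isolation land close together, which is exactly the kind of near-tie where a fixed, reproducible criterion matters more than expert intuition. Changing the weights changes the ranking, so in a deployed system the weights themselves are a security-relevant configuration item that should be reviewed and version-controlled.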


Metadata
Title
Cyber Security Decision Support for Remediation in Automated Computer Network Defence
Author
Maxwell Dondo
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-319-78816-6_15