DocumentCode
3716732
Title
An Empirical Risk Management Framework for Monitoring Network Security
Author
Malik Shahzad Kaleem Awan;Pete Burnap;Omer Rana
Author_Institution
Sch. of Comput. Sci. &
fYear
2015
Firstpage
1764
Lastpage
1771
Abstract
Inherent vulnerabilities in software applications running in a computer network, bringing in personal devices to the network on an ad-hoc basis, a growing trend of network users accessing the Web and utilising Cloud services remotely, and increasingly mature and stealthy techniques used by cyber-criminals have left the whole network vulnerable to cyber-attacks. This requires a network administrator to better understand the dynamic threat landscape and its associated risks so that appropriate security controls and policies could be applied as a countermeasure against existing and new cyber-attacks. However, measuring the risk of cyber-attacks and identifying the most recent modus operandi of cyber-criminals on large computer networks can be difficult due to the wide range of services and applications running within the network, the multiple vulnerabilities associated with each application, the severity associated with each vulnerability, and the ever-changing attack vector of cyber-criminals. In this paper we propose a framework to represent these features, enabling real-time network enumeration and traffic analysis to be carried out, in order to produce quantified measures of risk at specific points in time. We validate the approach using real-network data from a University network and show how the data can be used to understand the attack patterns and their trends.
Keywords
"Risk management","Security","Monitoring","Computer networks","Bayes methods","Computational modeling","Software"
Publisher
ieee
Conference_Titel
Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on
Type
conf
DOI
10.1109/CIT/IUCC/DASC/PICOM.2015.266
Filename
7363311