Title :
Cost Evaluation for Intrusion Response Using Dependency Graphs
Author :
Kheir, Nizar ; Debar, Hervé ; Cuppens-Boulahia, Nora ; Cuppens, Frédéric ; Viinikka, Jouni
Author_Institution :
France Telecom R&D, Caen, France
Abstract :
The cost evaluation for attacks and/or responses (further called security incidents) in an IT system is a challenging issue. The high rate of service dependencies increases this challenge as the impact on a target service often spreads to its dependent services. This paper evaluates the effect of security incidents using service dependency graphs. It defines security-related properties which are used to propagate impacts in a dependency graph and thus to quantify the real cost of a security incident. The graph-based model described in this paper manages Confidentiality (C), Integrity (I) and Availability (A) propagations. It introduces matrix dependency weights in order to correlate these propagations. It also examines the effect of availability on both C and I propagations as these may exist only when the underlying components are available. This model provides common metrics for both attack and response costs evaluation. It thus enables balancing attack and response costs. An implementation of this model is proposed using CVSS base vectors. The performance of the model is measured according to the graph size and the rate of dependencies in this graph.
Keywords :
costing; security of data; IT system; availability; confidentiality; cost evaluation; integrity; intrusion response; security incidents; service dependency graphs; Availability; Costs; Intrusion detection; Optimal control; Protection; Research and development; Risk analysis; Security; Size measurement; Telecommunications;
Conference_Title :
Network and Service Security, 2009. N2S '09. International Conference on
Conference_Location :
Paris
Print_ISBN :
978-2-9532-4431-1