• DocumentCode
    598514
  • Title

    Common Framework for Attack Modeling and Security Evaluation in SIEM Systems

  • Author

    Kotenko, Igor ; Chechulin, Andrey

  • Author_Institution
    Lab. of Comput. Security Problems, St. Petersburg Inst. for Inf. & Autom. (SPIIRAS), St. Petersburg, Russia
  • fYear
    2012
  • fDate
    20-23 Nov. 2012
  • Firstpage
    94
  • Lastpage
    101
  • Abstract
    The paper suggests a framework for attack modeling and security evaluation in Security Information and Event Management (SIEM) systems. It is supposed that the common approach to attack modeling and security evaluation is based on modeling of a malefactor´s behavior, generating a common attack graph, calculating different security metrics and providing risk analysis procedures. Key elements of suggested architectural solutions for attack modeling and security evaluation are using a comprehensive security repository, effective attack graph (tree) generation techniques, taking into account known and new attacks based on zero-day vulnerabilities, stochastic analytical modeling, and interactive decision support to choose preferred security solutions. The architecture of the Attack Modeling and Security Evaluation Component (AMSEC) is proposed, its interaction with other SIEM components is described. We present the prototype of the component and the results of experiments carried out.
  • Keywords
    computer network security; decision support systems; interactive systems; risk analysis; stochastic processes; trees (mathematics); SIEM system; attack graph; attack modeling; comprehensive security repository; interactive decision support; malefactor behavior modeling; risk analysis procedure; security evaluation; security information and event management; security metrics; stochastic analytical modeling; tree generation technique; zero day vulnerability; Analytical models; Computational modeling; Databases; Generators; Measurement; Prototypes; Security; Attack graph; Attack modeling; SIEM; Security evaluation; Service dependences; Zero day vulnerabilities;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Green Computing and Communications (GreenCom), 2012 IEEE International Conference on
  • Conference_Location
    Besancon
  • Print_ISBN
    978-1-4673-5146-1
  • Type

    conf

  • DOI
    10.1109/GreenCom.2012.24
  • Filename
    6468300