Title :
Computer attack modeling and security evaluation based on attack graphs
Author :
Kotenko, Igor ; Chechulin, Andrey
Author_Institution :
St. Petersburg Inst. for Inf. & Autom., St. Petersburg, Russia
Abstract :
The paper considers an approach to computer attack modeling and security evaluation which is suggested to realize in advanced Security Information and Event Management (SIEM) systems. It is based on modeling of malefactors´ behavior, building a common attack graph, processing current alerts for real-time adjusting of particular attack graphs, calculating different security metrics and providing security assessment procedures. The approach is intended to be implemented in the framework of the EU MASSIF project. The generalized architecture of the Attack Modeling and Security Evaluation Component (AMSEC), as one of the main analytical components of SIEM systems, is outlined. The main components and techniques for attack modeling and security evaluation are defined. A prototype of the AMSEC is specified. Experiments with this prototype are analyzed. The prototype makes use of the scenario “Managed Enterprise Service Infrastructures”.
Keywords :
graph theory; security of data; AMSEC; EU MASSIF project; SIEM systems; attack graphs; attack modeling and security evaluation component; computer attack modeling; malefactor behavior; managed enterprise service infrastructures; security assessment procedures; security evaluation; security information and event management systems; security metrics; Analytical models; Computational modeling; Data models; Databases; Measurement; Security; Software; attack graphs; computer attack modeling; security evaluation; security information and event management;
Conference_Titel :
Intelligent Data Acquisition and Advanced Computing Systems (IDAACS), 2013 IEEE 7th International Conference on
Conference_Location :
Berlin
Print_ISBN :
978-1-4799-1426-5
DOI :
10.1109/IDAACS.2013.6662998
