Computer attack modeling and security evaluation based on attack graphs

The paper considers an approach to computer attack modeling and security evaluation which is suggested to realize in advanced Security Information and Event Management (SIEM) systems. It is based on modeling of malefactors´ behavior, building a common attack graph, processing current alerts for real-time adjusting of particular attack graphs, calculating different security metrics and providing security assessment procedures. The approach is intended to be implemented in the framework of the EU MASSIF project. The generalized architecture of the Attack Modeling and Security Evaluation Component (AMSEC), as one of the main analytical components of SIEM systems, is outlined. The main components and techniques for attack modeling and security evaluation are defined. A prototype of the AMSEC is specified. Experiments with this prototype are analyzed. The prototype makes use of the scenario “Managed Enterprise Service Infrastructures”.