Countermeasure Selection in SIEM Systems Based on the Integrated Complex of Security Metrics

Author

Kotenko, Igor ; Doynikova, Elena

Author_Institution

Lab. of Comput. Security Problems, St. Petersburg Inst. for Inf. & Autom., St. Petersburg, Russia

fYear

2015

fDate

4-6 March 2015

Firstpage

567

Lastpage

574

Abstract

The paper considers a technique for countermeasure selection in security information and event management (SIEM) systems. The developed technique is based on the suggested complex of security metrics. For the countermeasure selection the set of security metrics is extended with an additional level needed for security decision support. This level is based on the countermeasure effectiveness metrics. Key features of the suggested technique are application of the attack and service dependencies graphs, the introduced model of the countermeasure and the suggested metrics of the countermeasure effectiveness, cost and collateral damage. Other important feature of the technique is providing the solution on the countermeasure implementation in any time on the base of the current security state and security events.

Keywords

decision support systems; graph theory; security of data; software metrics; SIEM systems; attack dependencies graphs; countermeasure selection; integrated complex; security decision support; security events; security information and event management; security metrics; security state; service dependencies graphs; Authentication; Measurement; Risk management; Taxonomy; attack graphs; countermeasures; cyber security; risk assessment; security information and event management; security metrics; service dependencies graphs;

fLanguage

English

Publisher

ieee

Conference_Titel

Parallel, Distributed and Network-Based Processing (PDP), 2015 23rd Euromicro International Conference on

Conference_Location

Turku

ISSN

1066-6192

Type

conf

DOI

10.1109/PDP.2015.34

Filename

7092776