Towards dynamic risk management: success likelihood of ongoing attacks


International audienceThe proliferation of sophisticated cyberattacks, coupled with the steady growth of information and communication technology (ICT) systems in size and complexity, provides motivation for continuous improvements in security management. For day-to-day operation, security officers and administrators need an effective response (or decision aid) system to handle ongoing cyberattacks. Effective countermeasures must minimize the risks induced by these attacks, noting that the risk is evaluated as a function of the success likelihood and the impact of an attack. In this paper, we demonstrate how to dynamically calculate the success likelihood (SL) for an ongoing attack by considering the progress of an attacker towards his objective. Afterwards, we present a response/decision aid system based on the SL metric. Finally, we present the Success Likelihood Assessment Module (SLAM), which implements and highlights the relevance of our work for real time security management. This paper focuses on the operational aspects of a security by design approach

Similar works

Full text


HAL-Université de Bretagne Occidentale

Last time updated on 12/11/2016

This paper was published in HAL-Université de Bretagne Occidentale.

Having an issue?

Is data on this page outdated, violates copyrights or anything else? Report the problem now and we will take corresponding actions after reviewing your request.