10,760 research outputs found
DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees
This paper presents the current state of the art on attack and defense
modeling approaches that are based on directed acyclic graphs (DAGs). DAGs
allow for a hierarchical decomposition of complex scenarios into simple, easily
understandable and quantifiable actions. Methods based on threat trees and
Bayesian networks are two well-known approaches to security modeling. However
there exist more than 30 DAG-based methodologies, each having different
features and goals. The objective of this survey is to present a complete
overview of graphical attack and defense modeling techniques based on DAGs.
This consists of summarizing the existing methodologies, comparing their
features and proposing a taxonomy of the described formalisms. This article
also supports the selection of an adequate modeling technique depending on user
requirements
A Survey on Enterprise Network Security: Asset Behavioral Monitoring and Distributed Attack Detection
Enterprise networks that host valuable assets and services are popular and
frequent targets of distributed network attacks. In order to cope with the
ever-increasing threats, industrial and research communities develop systems
and methods to monitor the behaviors of their assets and protect them from
critical attacks. In this paper, we systematically survey related research
articles and industrial systems to highlight the current status of this arms
race in enterprise network security. First, we discuss the taxonomy of
distributed network attacks on enterprise assets, including distributed
denial-of-service (DDoS) and reconnaissance attacks. Second, we review existing
methods in monitoring and classifying network behavior of enterprise hosts to
verify their benign activities and isolate potential anomalies. Third,
state-of-the-art detection methods for distributed network attacks sourced from
external attackers are elaborated, highlighting their merits and bottlenecks.
Fourth, as programmable networks and machine learning (ML) techniques are
increasingly becoming adopted by the community, their current applications in
network security are discussed. Finally, we highlight several research gaps on
enterprise network security to inspire future research.Comment: Journal paper submitted to Elseive
Comprehensive Security Framework for Global Threats Analysis
Cyber criminality activities are changing and becoming more and more professional. With the growth of financial flows through the Internet and the Information System (IS), new kinds of thread arise involving complex scenarios spread within multiple IS components. The IS information modeling and Behavioral Analysis are becoming new solutions to normalize the IS information and counter these new threads. This paper presents a framework which details the principal and necessary steps for monitoring an IS. We present the architecture of the framework, i.e. an ontology of activities carried out within an IS to model security information and User Behavioral analysis. The results of the performed experiments on real data show that the modeling is effective to reduce the amount of events by 91%. The User Behavioral Analysis on uniform modeled data is also effective, detecting more than 80% of legitimate actions of attack scenarios
A Bayesian Network Approach for the Interpretation of Cyber Attacks to Power Systems
The focus of this paper is on the analysis of the cyber security
resilience of digital infrastructures deployed by power grids, internationally recognized as a priority since several recent cyber attacks targeted
energy systems and in particular the power service. In response to the
regulatory framework, this paper presents an analysis approach based
on the Bayesian Networks formalism and on real world threat scenarios.
Our approach enables analyses oriented to planning of security measures
and monitoring, and to forecasting of adversarial behaviours
Capturing the Dynamic Nature of Cyber Risk: Evidence from an Explorative Case Study
In this research, we developed a novel approach to enable a dynamic cyber risk management strategy as the dynamic nature of cyber risk is rarely considered in current decision support tools. Our explorative case study shows that many management challenges such as investment decisions, priority setting, and “shelf time” analyses can be continuously analyzed. Our research using system thinking and modelling provides valuable insights about these challenges to support current strategic decision-making practices and improve managerial learning. These insights enable management to identify and analyze the effectiveness of future cyber risk management strategies before implementing them
- …