Analytical attack modeling and security assessment based on the common vulnerability scoring system

The paper analyzes an approach to the analytical attack modeling and security assessment on the base of the Common Vulnerability Scoring System (CVSS) format, considering different modifications that appeared in the new version of the CVSS specification. The common approach to the analytical attack modeling and security assessment was suggested by the authors earlier. The paper outlines disadvantages of previous CVSS version that influenced negatively on the results of the attack modeling and security assessment. Differences between new and previous CVSS versions are analyzed. Modifications of the approach to the analytical attack modeling and security assessment that follow from the CVSS modifications are suggested. Advantages of the modified approach are described. Case study that illustrates enhanced approach is provided

Design Technique for Secure Embedded Devices: Application for Creation of Integrated Cyber-Physical Security System

Abstract As elements of complex information systems, embedded devices define informational and physical connections between the level of software control of the system on the one hand, and its technical environment and users on the other. Operating in a potentially volatile and untrusted cyber-physical environment, using insufficiently secure communication channels and sensors as well as various external influences cause such devices are subject to specific attacking actions. As a result the design of such systems is a challenging task often requiring expert based solutions. The main contribution of the paper is a design technique for secure embedded devices on the basis of combinations of security components, optimization approach and developed software tools for decision making support. The correctness of the technique is confirmed by its use in the development of the integrated cyberphysical security system

Cyberattack Detection in Vehicles using Characteristic Functions, Artificial Neural Networks, and Visual Analysis

The connectivity of autonomous vehicles induces new attack surfaces and thus the demand for sophisticated cybersecurity management. Thus, it is important to ensure that in-vehicle network monitoring includes the ability to accurately detect intrusive behavior and analyze cyberattacks from vehicle data and vehicle logs in a privacy-friendly manner. For this purpose, we describe and evaluate a method that utilizes characteristic functions and compare it with an approach based on artificial neural networks. Visual analysis of the respective event streams complements the evaluation. Although the characteristic functions method is an order of magnitude faster, the accuracy of the results obtained is at least comparable to those obtained with the artificial neural network. Thus, this method is an interesting option for implementation in in-vehicle embedded systems. An important aspect for the usage of the analysis methods within a cybersecurity framework is the explainability of the detection results

Visualization Model for Monitoring of Computer Networks Security Based on the Analogue of Voronoi Diagrams

Part 1: The International Cross Domain Conference (CD-ARES 2016)International audienceIn this paper we propose an approach to the development of the computer network visualization system for security monitoring, which uses a conceptually new model of graphic visualization that is similar to the Voronoi diagrams. The proposed graphical model uses the size, color and opacity of the cell to display host parameters. The paper describes a technique for new graphical model construction and gives examples of its application along with traditional graph based and other models

An Approach to Ranking the Sources of Information Dissemination in Social Networks

The problem of countering the spread of destructive content in social networks is currently relevant for most countries of the world. Basically, automatic monitoring systems are used to detect the sources of the spread of malicious information, and automated systems, operators, and counteraction scenarios are used to counteract it. The paper suggests an approach to ranking the sources of the distribution of messages with destructive content. In the process of ranking objects by priority, the number of messages created by the source and the integral indicator of the involvement of its audience are considered. The approach realizes the identification of the most popular and active sources of dissemination of destructive content. The approach does not require the analysis of graphs of relationships and provides an increase in the efficiency of the operator. The proposed solution is applicable both to brand reputation monitoring systems and for countering cyberbullying and the dissemination of destructive information in social networks

Development of Information Access and Management Services for Integrated Vulnerability Database

The paper is devoted to the investigation of open vulnerability databases and methods of their integration for construction of an integrated security information repository. The novelty of the present work lies in the proposed process model of repository construction and filing optimized for the task of network security evaluation. As a practical implementation the set of security information management services are presented. The main distinguishing feature of proposed integrated repository is its adaptation for use as a service in the network security evaluation systems and aggregation of security information from multiple open databases in one repository

Graph Visualization: Alternative Models Inspired by Bioinformatics

Currently, the methods and means of human–machine interaction and visualization as its integral part are being increasingly developed. In various fields of scientific knowledge and technology, there is a need to find and select the most effective visualization models for various types of data, as well as to develop automation tools for the process of choosing the best visualization model for a specific case. There are many data visualization tools in various application fields, but at the same time, the main difficulty lies in presenting data of an interconnected (node-link) structure, i.e., networks. Typically, a lot of software means use graphs as the most straightforward and versatile models. To facilitate visual analysis, researchers are developing ways to arrange graph elements to make comparing, searching, and navigating data easier. However, in addition to graphs, there are many other visualization models that are less versatile but have the potential to expand the capabilities of the analyst and provide alternative solutions. In this work, we collected a variety of visualization models, which we call alternative models, to demonstrate how different concepts of information representation can be realized. We believe that adapting these models to improve the means of human–machine interaction will help analysts make significant progress in solving the problems researchers face when working with graphs

Attack Graph Construction for Security Events Analysis

The paper is devoted to investigation of the attack graphs construction and analysis task for a network security evaluation and real-time security event processing. Main object of this research is the attack modeling process. The paper contains the description of attack graphs building, modifying and analysis technique as well as overview of implemented prototype for network security analysis based on attack graph approach

A visual analytics approach for the cyber forensics based on different views of the network traffic

International audienceNetwork forensics is based on the analysis of network traffic. Traffic analysis is a routine procedure, but it allows one to not only identify the cause of the security breach, but also step by step to recreate the whole picture of what happened. To analyze the traffic, investigators usually use Wireshark, a software that has the graphical interface and has greater capabilities for sorting and filtering packets. But even with it, packet analysis takes a lot of time. In this paper, we propose an approach for cyber forensics based on different views on the network traffic. Using this approach, it is possible to signifi- cantly improve the efficiency of forensic scientists, including the rapid localization of anomalies and, importantly, the creation of easily understandable graphical proofs and histories of computer attacks. The example of the investigation of the attack SSL-strip is a way to classify different views (slices) of traffic and a scheme for using for these slices different models of visualization. Also provides an assessment and recommendations for the application of visual analytics methods

Design and Implementation of a Hybrid Ontological-Relational Data Repository for SIEM Systems

future interne