Efficient attack countermeasure selection accounting for recovery and action costs
File(s)
Efficient_attack_countermeasure_selection_SPIRAL.pdf (1.02 MB)
Accepted version
Author(s)
Soikkeli, Jukka
Muñoz-González, Luis
Lupu, Emil
Type
Conference Paper
Abstract
The losses arising from a system being hit by cyber attacks can be staggeringly high, but defending against such attacks can also be costly. This work proposes an attack countermeasure selection approach based on cost impact analysis that takes into account the impacts of actions by both the attacker and the defender.
We consider a networked system providing services whose functionality depends on other components in the network. We model the costs and losses to service availability from compromises and defensive actions to the components, and show that while containment of the attack can be an effective defense, it may be more cost-efficient to allow parts of the attack to continue further whilst focusing on recovering services to a functional state. Based on this insight, we build a countermeasure selection method that chooses the most cost-effective action based on its impact on expected losses and costs over a given time horizon. Our method is evaluated using simulations in synthetic graphs representing network dependencies and vulnerabilities, and performs well in comparison to alternatives.
Date Issued
2019-08-26
Date Acceptance
2019-08-26
Citation
Proceedings of the 14th International Conference on Availability, Reliability and Security - ARES '19, 2019
ISBN
9781450371643
Publisher
ACM Press
Journal / Book Title
Proceedings of the 14th International Conference on Availability, Reliability and Security - ARES '19
Copyright Statement
© 2019 Copyright held by the owner/author(s). Publication rights licensed to ACM.
ACM ISBN 978-1-4503-7164-3/19/08. https://doi.org/10.1145/3339252.3339270.
Source
the 14th International Conference
Subjects
cs.CR
Publication Status
Published
Start Date
2019-08-26
Finish Date
2019-08-29
Coverage Spatial
Canterbury, United Kingdom
Date Publish Online
2019-08-26