Heuristic Approach Towards Countermeasure Selection using Attack Graphs

by   Orly Stan, et al.

Selecting the optimal set of countermeasures is a challenging task that involves various considerations and tradeoffs such as prioritizing the risks to mitigate and costs. The vast majority of studies for selecting a countermeasure deployment are based on a limited risk assessment procedure that utilizes the common vulnerability scoring system (CVSS). Such a risk assessment procedure does not necessarily consider the prerequisites and exploitability of a specific asset, cannot distinguish insider from outsider threat actor, and does not express the consequences of exploiting a vulnerability as well as the attacker's lateral movements. Other studies applied a more extensive risk assessment procedure that relies on manual work and repeated assessment. These solutions however, do not consider the network topology and do not specify the optimal position for deploying the countermeasures, and therefore are less practical. In this paper we suggest a heuristic search approach for selecting the optimal countermeasure deployment under a given budget limitation. The proposed method expresses the risk of the system using an extended attack graph modeling, which considers the prerequisites and consequences of exploiting a vulnerability, examines the attacker's potential lateral movements, and express the physical network topology as well as vulnerabilities in network protocols. In addition, unlike previous studies which utilizes attack graph for countermeasure planning, the proposed methods does not require re-generating the attack graph at each stage of the procedure, which is computationally heavy, and therefore it provides a more accurate and practical countermeasure deployment planning process.


Risk Assessment Graphs: Utilizing Attack Graphs for Risk Assessment

Risk assessment plays a crucial role in ensuring the security and resili...

Deployment Optimization of IoT Devices through Attack Graph Analysis

The Internet of things (IoT) has become an integral part of our life at ...

Thesis Deployment Optimization of IoT Devices through Attack Graph Analysis

The Internet of things (IoT) has become an integral part of our life at ...

Graph-Theoretic Approach for Manufacturing Cybersecurity Risk Modeling and Assessment

Identifying, analyzing, and evaluating cybersecurity risks are essential...

Everyone Can Attack: Repurpose Lossy Compression as a Natural Backdoor Attack

The vulnerabilities to backdoor attacks have recently threatened the tru...

On the Soundness of Infrastructure Adversaries

Companies and network operators perform risk assessment to inform policy...

Risk analysis beyond vulnerability and resilience - characterizing the defensibility of critical systems

A common problem in risk analysis is to characterize the overall securit...

Please sign up or login with your details

Forgot password? Click here to reset