TY - GEN
T1 - Heuristic Approach for Countermeasure Selection Using Attack Graphs
AU - Stan, Orly
AU - Bitton, Ron
AU - Ezrets, Michal
AU - Dadon, Moran
AU - Inokuchi, Masaki
AU - Ohta, Yoshinobu
AU - Yagyu, Tomohiko
AU - Elovici, Yuval
AU - Shabtai, Asaf
N1 - Publisher Copyright:
© 2021 IEEE Computer Society. All rights reserved.
PY - 2021/1/1
Y1 - 2021/1/1
N2 - Selecting the optimal set of countermeasures to secure a network is a challenging task, since it involves various considerations and trade-offs, such as prioritizing the risks to mitigate given the mitigation costs. Previously suggested approaches are based on limited and largely manual risk assessment procedures, provide recommendations for a specific event, or don't consider the organization's constraints (e.g., limited budget). In this paper, we present an improved attack graph-based risk assessment process and apply heuristic search to select an optimal countermeasure plan for a given network and budget. The risk assessment process represents the risk in the system in such a way that incorporates the quantitative risk factors and relevant countermeasures; this allows us to assess the risk in the system under different countermeasure plans during the search, without the need to regenerate the attack graph. We also provide a detailed description of countermeasure modeling and discuss how the countermeasures can be automatically matched to the security issues discovered in the network.
AB - Selecting the optimal set of countermeasures to secure a network is a challenging task, since it involves various considerations and trade-offs, such as prioritizing the risks to mitigate given the mitigation costs. Previously suggested approaches are based on limited and largely manual risk assessment procedures, provide recommendations for a specific event, or don't consider the organization's constraints (e.g., limited budget). In this paper, we present an improved attack graph-based risk assessment process and apply heuristic search to select an optimal countermeasure plan for a given network and budget. The risk assessment process represents the risk in the system in such a way that incorporates the quantitative risk factors and relevant countermeasures; this allows us to assess the risk in the system under different countermeasure plans during the search, without the need to regenerate the attack graph. We also provide a detailed description of countermeasure modeling and discuss how the countermeasures can be automatically matched to the security issues discovered in the network.
KW - Attack Graphs
KW - Countermeasure Planning
UR - http://www.scopus.com/inward/record.url?scp=85111214354&partnerID=8YFLogxK
U2 - 10.1109/CSF51468.2021.00003
DO - 10.1109/CSF51468.2021.00003
M3 - Conference contribution
AN - SCOPUS:85111214354
T3 - Proceedings - IEEE Computer Security Foundations Symposium
BT - Proceedings - 2021 IEEE 34th Computer Security Foundations Symposium, CSF 2021
PB - Institute of Electrical and Electronics Engineers
T2 - 34th IEEE Computer Security Foundations Symposium, CSF 2021
Y2 - 21 June 2021 through 25 June 2021
ER -