Volume 5 - Issue 3
Evaluation of Computer Network Security based on Attack Graphs and Security Event Processing
- Igor Kotenko
Laboratory of Computer Security Problems, St. Petersburg Institute for Informatics and Automation (SPIIRAS), 39, 14 Liniya, St. Petersburg, 199178, Russia; St. Petersburg National Research University of Information Technologies, Mechanics and Optics, 49, Kronverkskiy prospekt, Saint-Petersburg, Russia
ivkote@comsec.spb.ru
- Elena Doynikova
St. Petersburg National Research University of Information Technologies, Mechanics and Optics, 49, Kronverkskiy prospekt, Saint-Petersburg, Russia
doynikova@comsec.spb.ru
Keywords: cyber situational awareness, security metrics, security metrics taxonomy, attack graphs, security incidents, SIEM systems
Abstract
The paper is devoted to the security assessment problem. The authors suggest an approach to security assessment based on attack graphs that can be implemented in contemporary Security Information and Event Management (SIEM) systems. The key feature of the approach is the application of the developed security metrics system, which is based on differentiating the input data used for the metrics calculations. The input data include, among other sources, current events from the SIEM system. The proposed metrics form the basis for security awareness and reflect the current security situation, including the development of attacks, attack sources and targets, and attacker characteristics. The suggested technique is demonstrated on a case study.