Abstract
As the number of attacks, and thus the number of alerts received by Security Information and Event Management systems (SIEMs), increases, appropriate treatment of these alerts has become essential. The new generation of SIEMs focuses on response capability, automating the process of selecting and deploying countermeasures. However, current response systems select and deploy security measures without performing a comprehensive impact analysis of attacks and response scenarios. This paper addresses this limitation by proposing a model for the automated selection of optimal security countermeasures. In addition, the paper compares previous mathematical models and studies their limitations, which leads to the creation of a new model that evaluates, ranks and selects optimal countermeasures. The model relies on the optimization of cost-sensitive metrics based on the Return On Response Investment (RORI) index. The optimization compares the expected impact of the attacks when doing nothing with the expected impact after applying countermeasures. A case study of a real infrastructure is presented at the end of the document to show the applicability of the model to a Mobile Money Transfer Service.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gonzalez Granadillo, G., Débar, H., Jacob, G., Gaber, C., Achemlal, M. (2012). Individual Countermeasure Selection Based on the Return On Response Investment Index. In: Kotenko, I., Skormin, V. (eds) Computer Network Security. MMM-ACNS 2012. Lecture Notes in Computer Science, vol 7531. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-33704-8_14
DOI: https://doi.org/10.1007/978-3-642-33704-8_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-33703-1
Online ISBN: 978-3-642-33704-8
eBook Packages: Computer Science, Computer Science (R0)