Abstract
The information required to build appropriate impact models depends directly on the nature of the system. The information handled by health care systems, for instance, differs markedly from the information obtained from energy, telecommunication, transportation, or water supply systems. It is therefore important to properly classify the data of security events according to the nature of the system. This paper proposes an event data classification based on four main aspects: (i) the system's criticality, i.e., critical vs. non-critical; (ii) the geographical location of the target system, i.e., internal vs. external; (iii) the time at which the information is obtained and used by the attacker, i.e., a priori vs. a posteriori; and (iv) the nature of the data, i.e., logical vs. physical. The ultimate goal of the proposed taxonomy is to help organizations in the assessment of their assets and events.
© 2018 Springer International Publishing AG, part of Springer Nature
About this paper
Cite this paper
Gonzalez-Granadillo, G., Rubio-Hernán, J., Garcia-Alfaro, J. (2018). Towards a Security Event Data Taxonomy. In: Cuppens, N., Cuppens, F., Lanet, J.-L., Legay, A., Garcia-Alfaro, J. (eds.) Risks and Security of Internet and Systems. CRiSIS 2017. Lecture Notes in Computer Science, vol. 10694. Springer, Cham. https://doi.org/10.1007/978-3-319-76687-4_3
DOI: https://doi.org/10.1007/978-3-319-76687-4_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-76686-7
Online ISBN: 978-3-319-76687-4
eBook Packages: Computer Science (R0)