Towards a Security Event Data Taxonomy

  • Conference paper
  • Risks and Security of Internet and Systems (CRiSIS 2017)

Abstract

The information required to build appropriate impact models depends directly on the nature of the system. The information handled by health care systems, for instance, differs markedly from the information obtained by energy, telecommunication, transportation, or water supply systems. It is therefore important to properly classify the data of security events according to the nature of the system. This paper proposes an event data classification based on four main aspects: (i) the system’s criticality, i.e., critical vs. non-critical; (ii) the geographical location of the target system, i.e., internal vs. external; (iii) the time at which the information is obtained and used by the attacker, i.e., a priori vs. a posteriori; and (iv) the nature of the data, i.e., logical vs. physical. The ultimate goal of the proposed taxonomy is to help organizations in the assessment of their assets and events.

Author information

Corresponding author

Correspondence to Joaquin Garcia-Alfaro.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Cite this paper

Gonzalez-Granadillo, G., Rubio-Hernán, J., Garcia-Alfaro, J. (2018). Towards a Security Event Data Taxonomy. In: Cuppens, N., Cuppens, F., Lanet, JL., Legay, A., Garcia-Alfaro, J. (eds) Risks and Security of Internet and Systems. CRiSIS 2017. Lecture Notes in Computer Science, vol. 10694. Springer, Cham. https://doi.org/10.1007/978-3-319-76687-4_3

  • DOI: https://doi.org/10.1007/978-3-319-76687-4_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-76686-7

  • Online ISBN: 978-3-319-76687-4

  • eBook Packages: Computer Science, Computer Science (R0)
