Security frameworks are used to determine the approach to managing a network that may be under attack. The DREAD model from Microsoft, for example, promotes a strategy that is defined according to the impact of the attack on Damage, Reproducibility, Exploitability, Affected users, and Discoverability (DREAD). Each DREAD metric is scored, and the subsequent priorities are used to influence a reaction to the attack. In the event that an identified attack is being carried out by a security auditor, otherwise known as a white hat hacker whose intention is not malicious, the attack may not contribute significant Damage when considered according to DREAD yet may be consuming resources and causing challenges for the network service provider in terms of their ability to fulfil all customer service-level agreements (SLAs). This is therefore an operational event that needs to be responded to when managing the network load yet not necessarily from a cybersecurity perspective—it could, however, be managed from perspective of either performance or security. As an element of a Fault, Configuration, Accounting, Performance and Security (FCAPS) management approach, a response to such an event may involve reacting to a potential performance compromise occurring for security reasons. The network operator or service provider does not need to know the reason why the network is heavily loaded and only needs to ensure sufficient resources to fulfil all SLAs. However, it is recognised that there is an opportunity to pre-emptively identify that the network may become loaded in portions due to the tendencies of people operating within the network, specifically from a cybersecurity perspective and in relation to their intentions. This is in recognition of the fact that people who attack networks have a propensity towards commonalities in their personal characteristics and that these factors can be the drivers behind their attacking of a network. In addition to categorising attackers according to their intention (i.e., black hat and malicious, grey hat and not malicious but may violate laws, or white hat and friendly), a further degree of categorisation is proposed in terms of those who: (1) have some personal pressure which is influencing their desire to carry out malevolent actions online, (2) are naturally highly intelligent and inquisitive, and (3) those who are mentally ill. In this chapter, an approach is proposed to manage the network by profiling the characteristics of users residing across it according to their propensity to carry out a cyber-attack. Furthermore, it is suggested to use this information to pre-empt their activity such that the SLAs for all customers will continue to be achieved throughout the SLA lifetime. This process will be facilitated through the way in which the SLAs are defined and the information collected during the service setup procedure.
- Cyberattacker profiles
- Data management engine
- Performance and Security (FCAPS)
- Service Level Agreement (SLA)
- SLA recommender engine
This is a preview of subscription content, access via your institution.
Tax calculation will be finalised at checkout
Purchases are for personal use onlyLearn about institutional subscriptions
Girs, S., Sentilles, S., Abbaspour Asadollah, A., Ashjael, M., & Mubeen, S. (2020). A systematic literature study on definition and modelling of service-level agreements for cloud services in IoT. IEEE Access, 8, 134498–134513. https://doi.org/10.1109/ACCESS.2020.3011483.
Ali Zainelabden, A., Ibrahim, A., Kliazovich, D., & Bouvry, P. (2016). Service level agreement assurance between cloud services providers and cloud customers. In 16th IEEE/ACM International Symposium on Cluster, Cloud, and Grid Computing (pp. 588–591). https://doi.org/10.1109/CCGrid.2016.56
Anithakumari, S., & Chandrasekaran, K. (2015). Monitoring and management of service level agreements in cloud computing. In International Conference on Cloud and Autonomic Computing (pp. 204–207). https://doi.org/10.1109/ICCAC.2015.28
The Guardian. (2012, October). Gary McKinnon timeline: Events leading up to extradition decision. Online. Retrieved January 27, 2021, from https://www.theguardian.com/world/2012/oct/16/gary-mckinnon-timeline-extradition
BBC. (2001, July). Teen hacker escapes jail sentence. Online. Retrieved January 27, 2021, from http://news.bbc.co.uk/1/hi/wales/1424937.stm
Peoples, C., Moore, A., & Zoualfaghari, M. (2020, August). A review of the opportunity to connect elderly citizens to the internet of things (IoT) and gaps in the service level agreement (SLA) provisioning process. EAI Endorsed Transactions on Cloud Systems. https://doi.org/10.4108/eai.22-5-2020.165993
Centre for Public Health. (2015). The mental health needs of gang-affiliated young people. Public Health England. Retrieved January 27, 2021, from https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/771130/The_mental_health_needs_of_gang-affiliated_young_people_v3_23_01_1.pdf
Microsoft. (2010, July). Chapter 3—Threat modelling. Online. Retrieved January 27, 2021, from https://docs.microsoft.com/en-us/previous-versions/msp-n-p/ff648644(v=pandp.10)?redirectedfrom=MSDN#c03618429_011
OWASP. (n.d.). Introduction, the OWASP testing project. Online. Retrieved January 27, 2021, from https://owasp.org/www-project-web-security-testing-guide/stable/2-Introduction/README.html#The-OWASP-Testing-Project
National Cyber Security Centre. Small business guide: Cyber security. Online. Retrieved January 27, 2021, from https://www.ncsc.gov.uk/collection/small-business-guide
Office for National Statistics. (2020, August). Internet access—Households and individuals, Great Britain: 2020. Online. Retrieved January 27, 2021, from https://www.ons.gov.uk/peoplepopulationandcommunity/householdcharacteristics/homeinternetandsocialmediausage/bulletins/internetaccesshouseholdsandindividuals/2020
National Institute of Standards and Technology. (n.d.). Cybersecurity framework. Online. Retrieved January 27, 2021, from nist.gov/cyberframework
Ghosh, I. (2019, November). This is the crippling cost of cybercrime on corporations. World Economic Forum. Retrieved January 27, 2021, from https://www.weforum.org/agenda/2019/11/cost-cybercrime-cybersecurity/
Microsoft. (2018, June). Threat modelling for drivers. Retrieved January 27, 2021, from https://docs.microsoft.com/en-us/windows-hardware/drivers/driversecurity/threat-modeling-for-drivers#:~:text=To%20prioritize%20the%20threats%20to,High%20scores%20indicate %20serious%20threats
Common Weakness Enumeration Homepage. Retrieved January 27, 2021, from https://cwe.mitre.org/
Microsoft. What are the Microsoft SLA practices? Online. Retrieved January 27, 2021, from https://www.microsoft.com/en-us/securityengineering/sdl/practices#practice1
Schneier, B. (2016). The security mindset. IEEE Computer, 49, 7–8. https://doi.org/10.1109/MC.2016.38.
Blankenship, L. (2020, May). The hacker manifesto. Wikisource, edited. Retrieved January 27, 2021, from https://en.wikisource.org/wiki/The_Hacker_Manifesto
Patil, S., Jangra, A., Bhale, M., et al. (2017). Ethical hacking: The need for cyber security. In IEEE International Conference on Power, Control, Signals and Instrumentation Engineering (pp. 1602–1606). https://doi.org/10.1109/ICPCSI.2017.8391982
McAlaney, J., Kimpton, E., & Thackray, H. (2019). Fifty shades of grey hat: A socio-psychological analysis of conversations on hacking forums. In Annual CyberPsychology, CyberTherapy & Social Networking Conference.
Shakarian, J., Gunn, A. T., & Shakarian, P. (2016). Exploring malicious hacker forums. Cyber Deception, 259–282. https://doi.org/10.1007/978-3-319-32699-3_11.
Bratus, S. (2007). Hacker curriculum: How hackers learn networking. IEEE Distributed Systems Online, 8(10). https://doi.org/10.1109/MDSO.2007.58.
Patil, S., Jangra, A., Bhale, M., Raina, A., & Kulkarni, P. (2017). Ethical hacking: The need for cyber security. In IEEE Int. Conf. on Power, Control, Signals and Instrumentation Engineering. https://doi.org/10.1109/ICPCSI.2017.8391982
Himanen, P. (2010). The hacker ethic. Random House. ISBN: 1407064290, 9781407064291.
Hackers, Crackers and Thieves. (n.d.). Jonathan Joseph James. Online. Retrieved January 27, 2021, from https://www.hackerscrackersandthieves.com/jonathan-joseph-james/
Driscoll, K. (2016). Social media’s dial-up ancestor: The bulletin board system. IEEE Spectrum. Retrieved January 22, 2021, from https://spectrum.ieee.org/tech-history/cyberspace/social-medias-dialup-ancestor-the-bulletin-board-system
Sterling, B. (1992). The hacker crackdown, law and disorder on the electronic frontier. Bantam Books.
Phrack, Inc.. (n.d.). The history of the legion of doom (Vol. 18, Iss. 31). Online. Retrieved January 27, 2021, from http://phrack.org/issues/31/5.html
The Federal Bureau of Investigation. (2019). ‘Iceman’ computer hacker receives 13-year prison sentence. Online. Retrieved 27, January 2021, from https://archives.fbi.gov/archives/pittsburgh/press-releases/2010/pt021210b.htm
Suddath, C. (2009). Master Hacker Albert Gonzalez. TIME. Retrieved January 27, 2021, from http://content.time.com/time/business/article/0,8599,1917345,00.html
The United States Department of Justice. (2017). Russian cyber-criminal sentenced to 14 years in prison for role in organized cybercrime ring responsible for $50 million in online identity theft and $9 million Bank fraud conspiracy. Online. Retrieved January 27, 2021, from https://www.justice.gov/opa/pr/russian-cyber-criminal-sentenced-14-years-prison-role-organized-cybercrime-ring-responsible
BBC. (2016). US Bank Hackers get Long Jail Term. Online. Retrieved January 27, 2021, from https://www.bbc.co.uk/news/technology-36101078
Meisner, J. (2018). ‘Lizard squad’ hacker-for-hire cries in court as he’s sentenced to three months in prison. Chicago Tribute. Retrieved January 27, 2021, from https://www.chicagotribune.com/news/breaking/ct-met-hacker-zachary-buchta-sentenced-20180327-story.html.
Hersher, R. (2015). Meet Mafiaboy, The ‘Bratty Kid’ who Took Down the Internet. npr. Retrieved January 27, 2021, from https://www.npr.org/sections/alltechconsidered/2015/02/07/384567322/meet-mafiaboy-the-bratty-kid-who-took-down-the-internet
The Guardian. (2001, July). Welsh teen hacker sentenced. Online. Retrieved January 27, 2021, from https://www.theguardian.com/technology/2001/jul/06/security.internetcrime
Frontline. (n.d.). Interview: anonymous. Online. Retrieved January 27, 2021, from https://www.pbs.org/wgbh/pages/frontline/shows/hackers/interviews/anon.html
IMDb.com (n.d.). Adrian Lamo Biography. Online. Retrieved January 27, 2021, from https://www.imdb.com/name/nm2238804/bio
Doherty, S. (2016). ‘I was lucky’: UK’s ‘youngest hacker’ 10 years on. Metro. Retrieved January 27, 2021, from https://metro.co.uk/2016/11/05/i-was-lucky-uks-youngest-hacker-10-years-on-6216170/
Kushner, D. (2011). The autistic hacker. IEEE Spectrum. Retrieved January 27, 2021, from https://spectrum.ieee.org/telecom/internet/the-autistic-hacker
IMDb.com. (n.d.). Kevin Mitnick biography. Online. Retrieved January 27, 2021, from https://www.imdb.com/name/nm1137342/bio?ref_=nm_ov_bio_sm
MitnickSecurity Homepage. Retrieved January 27, 2021, from https://www.mitnicksecurity.com/about-kevin-mitnick-mitnick-security
Federal Bureau of Investigation. (2018). Morris worm 30 years since the first major attack on the Internet. Online. Retrieved January 27, 2021, from https://www.fbi.gov/news/stories/morris-worm-30-years-since-first-major-attack-on-internet-110218
Jecan, V. (2011). Hacking Hollywood: Discussing Hackers’ reactions to three popular films. Journal of Media Research, 2(10), 95–114.
NNDB. (n.d.). Kevin Poulsen. Online. Retrieved January 27, 2021, from https://www.nndb.com/people/453/000022387/
The United States Attorney’s Office Western District of Washington. (2012). Russian hacker arrested in Cyprus for 2008 cyber attack on Amazon.com . Online. Retrieved January 27, 2021, from https://www.justice.gov/archive/usao/waw/press/2012/July/zubakha.html
European Parliament and Council of the European Union. (2018). General data protection regulation. COM/2012/010 (COD).
Editors and Affiliations
© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this chapter
Cite this chapter
Peoples, C., Rafferty, J., Moore, A., Zoualfaghari, M. (2021). Managing Cybersecurity Events Using Service-Level Agreements (SLAs) by Profiling the People Who Attack. In: Daimi, K., Peoples, C. (eds) Advances in Cybersecurity Management. Springer, Cham. https://doi.org/10.1007/978-3-030-71381-2_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-71380-5
Online ISBN: 978-3-030-71381-2