Abstract
This paper presents a model to represent graphically the impact of cyber events (e.g., attacks, countermeasures) in a polygonal systems of n-sides. The approach considers information about all entities composing an information system (e.g., users, IP addresses, communication protocols, physical and logical resources, etc.). Every axis is composed of entities that contribute to the execution of the security event. Each entity has an associated weighting factor that measures its contribution using a multi-criteria methodology named CARVER. The graphical representation of cyber events is depicted as straight lines (one dimension) or polygons (two or more dimensions). Geometrical operations are used to compute the size (i.e., length, perimeter, surface area) and thus the impact of each event. As a result, it is possible to identify and compare the magnitude of cyber events. A case study with multiple security events is presented as an illustration on how the model is built and computed.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
Triangle with a right angle and two equal sides and angles.
- 2.
Triangle with a right angle and all sides of different lengths.
- 3.
Triangle in which all three sides are equal and all three internal angles are congruent to each other.
- 4.
Triangle with all sides and angles unequal.
- 5.
Polygon with four sides and vertices (e.g., square, rhombus, kite, etc.).
- 6.
Quadrilateral whose four sides can be grouped into two pairs of equal-length sides that are adjacent to each other.
- 7.
Parallelogram in which adjacent sides are of unequal lengths and angles are non-right angled.
- 8.
The line segment from the center of a regular polygon to the midpoint of a side.
References
Ansari, A.-N., Mahoor, M.H., Abdel-Mottaleb, M.: Normalized 3D to 2D model-based facial image synthesis for 2D model-based face recognition. In: Conference and Exhibition (GCC), pp. 178–181 (2011)
Cuppens, F., Cuppens-Boulahia, N.: Modeling contextual security policies. Int. J. Inf. Secur. 7, 285–305 (2008)
Cuppens, F., Cuppens-Boulahia, N., Miege, A.: Modelling contexts in the Or-BAC model. In: 19th Annual Computer Security Applications Conference (2003)
Dini, G., Tiloca, M.: On simulative analysis of attack impact in Wireless Sensor Networks. In: 18th Conference on Emerging Technologies & Factory Automation (ETFA). IEEE (2013)
Dini, G., Tiloca, M.: A simulation tool for evaluating attack impact in cyber physical systems. In: Hodicky, J. (ed.) MESAS 2014. LNCS, vol. 8906, pp. 77–94. Springer, Cham (2014). doi:10.1007/978-3-319-13823-7_8
Emerson, N.J., Carrea, M.J., Reilly, G.C., Offiah, A.C.: Geometrically accurate 3D FE models from medical scans created to analyse the causes of sports injuries. In: 5th Asia-Pacific Congress on Sports Technology (APCST), pp. 422–427 (2011)
Gao, X., Tangney, M., Tabirca, S.: 2D simulation and visualization of tumour growth based on discrete mathematical models. In: International Conference on Bioinformatics and Biomedical Technology (ICBBT), pp. 35–41 (2010)
Gonzalez-Granadillo, G., Garcia-Alfaro, J., Debar, H.: Using a 3D geometrical model to improve accuracy in the evaluation and selection of countermeasures against complex cyber attacks. In: Thuraisingham, B., Wang, X.F., Yegneswaran, V. (eds.) SecureComm 2015. LNICSSITE, vol. 164, pp. 538–555. Springer, Cham (2015). doi:10.1007/978-3-319-28865-9_29
Gonzalez-Granadillo, G., Jacob, G., Debar, H.: Attack volume model: geometrical approach and application. In: Lambrinoudakis, C., Gabillon, A. (eds.) CRiSIS 2015. LNCS, vol. 9572, pp. 242–257. Springer, Cham (2015). doi:10.1007/978-3-319-31811-0_15
Hai-Ying, S., Liang, M.: A new triangulation algorithm based on the determination of the polygon’s diagonals. In: International Conference on Computational Intelligence and Software Engineering (2009)
Howard, M.: Mitigate security risks by minimizing the code you expose to untrusted users. In: MSDN Magazine (2004)
Howard, M., Wing, J.: Measuring relative attack surfaces. In: Computer Security in the 21st Century, pp. 109–137 (2005)
Ponemon Institute: State of the endpoint report: user-centric risk. Technical report, Technical Paper (2015)
Kalam, A.A.E., Baida, R.E., Balbiani, P., Benferhat, S., Cuppens, F., Deswarte, Y., Miege, A., Saurel, C., Trouessin, G.: Organization based access control. In: International Workshop on Policies for Distributed Systems and Networks (2003)
Li, N., Tripunitara, M.: Security analysis in role-based access control. ACM Trans. Inf. Syst. Secur. 9, 391–420 (2006)
Liebelt, J., Schmid, C.: Multi-view object class detection with a 3D geometric model. In: Conference on Computer Vision and Pattern Recognition (CVPR), pp. 1688–1695. IEEE (2010)
Manadhata, P., Karabulut, Y., Wing, J.: Measuring the attack surfaces of SAP business applications. In: IEEE International Symposium on Software Reliability Engineering (2008)
Manadhata, P., Wing, J.: An attack surface metric. IEEE Trans. Softw. Eng. 37, 371–386 (2010)
Manadhata, P., Wing, J., Flynn, M., McQueen, M.: Measuring the attack surfaces of two FTP daemons. In: 2nd ACM Workshop on Quality of Protection (2006)
Norman, T.L.: Risk Analysis and Security Countermeasure Selection. CRC Press, Taylor & Francis Group, Boca Raton (2010)
Federation of American Scientists: Special operations forces intelligence, electronic warfare operations, appendix d: target analysis process (1991)
Roberts, B.: The macroeconomic impacts of the 9/11 attack: evidence from real-time forecasting. Working Paper, Homeland Security, Office of Immigration Statistics (2009)
Verizon Enterprise Solutions: 2015 data breach investigations report. Technical report, Research report (2015)
Sommer, B., Wang, S.J., Xu, L., Chen, M., Schreiber, F.: Big Data Visual Analytics (BDVA). In: Hybrid-Dimensional Visualization and Interaction - Integrating 2D and 3D Visualization with Semi-Immersive Navigation Techniques, pp. 1–8 (2015)
Cyber Emergency Response Team: Common cyber attacks: reducing the impact. Technical report, White Paper, CERT UK (2015)
Zhang, J., Huang, M.L.: 2D approach measuring multidimensional data pattern in big data visualization. In: IEEE International Conference on Big Data Analysis (ICBDA), pp. 1–6 (2016)
Acknowledgment
The research in this paper has received funding from PANOPTESEC project, as part of the Seventh Framework Programme (FP7) of the European Commission (GA 610416).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this paper
Cite this paper
Gonzalez-Granadillo, G., Garcia-Alfaro, J., Debar, H. (2017). An n-Sided Polygonal Model to Calculate the Impact of Cyber Security Events. In: Cuppens, F., Cuppens, N., Lanet, JL., Legay, A. (eds) Risks and Security of Internet and Systems. CRiSIS 2016. Lecture Notes in Computer Science(), vol 10158. Springer, Cham. https://doi.org/10.1007/978-3-319-54876-0_7
Download citation
DOI: https://doi.org/10.1007/978-3-319-54876-0_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-54875-3
Online ISBN: 978-3-319-54876-0
eBook Packages: Computer ScienceComputer Science (R0)