Abstract
When a threat is observed, one of the most important challenges is to choose the most appropriate and timely decisions in response to the current and near-future situation so as to minimise consequences and costs. Making appropriate and sufficient decisions requires knowing which situations the threat has engendered or may engender. In this paper, we propose a quantitative risk-based method called QR-SACP to calculate and project situational awareness in a network based on threat information sharing. In this method, we investigate a threat from different aspects and evaluate the threat's effects through the dependency weights among the network's services. We calculate the definite effect of a threat on a service and the cascading propagation of that definite effect to the other services that depend on it. In addition, we project the probability that the threat propagates to, or recurs in, other network services in three ways: procedurally, through network connections, and through similar infrastructure or services. Experimental results demonstrate that the QR-SACP method can calculate and project both definite and probable threat effects across the entire network and reveal more detail about the threat's current and near-future situations.
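As an added illustration of the two ideas in the abstract (a definite effect cascading over weighted service dependencies, and a recurrence probability projected over the procedural, network and similar-infrastructure channels), the following Python is example code written for this page, not the authors' implementation; the service graph is constructed, and the scoring rules (multiplicative decay per hop, strongest-path aggregation, independent channels) are assumptions, since the paper's own formulas are not reproduced on this page.

```python
"""Illustrative QR-SACP-style cascade and projection (assumed formulas)."""
from collections import deque

# Constructed sample dependency graph: src -> [(dependent, weight in [0, 1])].
# An edge "db" -> ("api", 0.9) means "api" depends on "db" with strength 0.9.
DEPENDENTS = {
    "db": [("api", 0.9), ("reporting", 0.4)],
    "api": [("web", 0.8), ("mobile", 0.7)],
    "web": [],
    "mobile": [],
    "reporting": [],
}


def cascade_definite_effect(origin: str, effect: float, dependents=DEPENDENTS) -> dict:
    """Propagate a definite effect (0..1) from `origin` to dependent services.

    Assumed rule: each hop multiplies the effect by the dependency weight, and a
    service keeps the strongest effect reaching it by any path (so cycles with
    weight < 1 die out and weight == 1 cycles do not re-enqueue)."""
    effects = {origin: effect}
    queue = deque([origin])
    while queue:
        src = queue.popleft()
        for dst, weight in dependents.get(src, []):
            candidate = round(effects[src] * weight, 4)
            if candidate > effects.get(dst, 0.0):
                effects[dst] = candidate
                queue.append(dst)
    return effects


def project_recurrence(channels: dict) -> float:
    """Combine per-channel recurrence probabilities (procedural, network,
    similar infrastructure) into one projected probability.

    Assumed rule: channels are independent, so P = 1 - prod(1 - p_i)."""
    p_none = 1.0
    for name, p in channels.items():
        if not 0.0 <= p <= 1.0:
            raise ValueError(f"probability for {name!r} out of range: {p}")
        p_none *= 1.0 - p
    return round(1.0 - p_none, 4)


if __name__ == "__main__":
    # A definite, full-strength effect on the database service.
    print(cascade_definite_effect("db", 1.0))
    # Projected recurrence on another service via the three channels.
    print(project_recurrence({"procedural": 0.2, "network": 0.5, "similar_infra": 0.3}))
```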
A Appendix A
The following tables show the services, the organizations' properties, the network and procedural probabilities, and a summary of the threats used in the evaluation. The terms used in the tables are introduced in detail in Sect. 3.
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
Cite this paper
Safarzadehvahed, M., Abazari, F., Shabani, F. (2023). QR-SACP: Quantitative Risk-Based Situational Awareness Calculation and Projection Through Threat Information Sharing. In: Meng, W., Yan, Z., Piuri, V. (eds) Information Security Practice and Experience. ISPEC 2023. Lecture Notes in Computer Science, vol 14341. Springer, Singapore. https://doi.org/10.1007/978-981-99-7032-2_11
DOI: https://doi.org/10.1007/978-981-99-7032-2_11
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-7031-5
Online ISBN: 978-981-99-7032-2
eBook Packages: Computer Science (R0)