
QR-SACP: Quantitative Risk-Based Situational Awareness Calculation and Projection Through Threat Information Sharing

Conference paper, Information Security Practice and Experience (ISPEC 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14341)

Abstract

When a threat is observed, one of the most important challenges is to choose the most appropriate and adequate timely decisions in response to the current and near-future situation, so that the consequences and costs are as small as possible. Making appropriate and sufficient decisions requires knowing which situations the threat has engendered or may engender. In this paper, we propose a quantitative risk-based method called QR-SACP to calculate and project situational awareness in a network based on threat information sharing. In this method, we investigate a threat from different aspects and evaluate the threat’s effects through dependency weights among the network’s services. We calculate the definite effect of a threat on a service and the cascading propagation of that definite effect to the other services that depend on it. In addition, we project the probability of propagation or recurrence of the threat in other network services in three ways: procedurally, through network connections, and through similar infrastructure or services. Experimental results demonstrate that the QR-SACP method can calculate and project definite and probable threat effects across the entire network and reveal more details about the threat’s current and near-future situations.
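The abstract names two quantities: a definite effect that cascades along weighted service dependencies, and a probable effect obtained by projecting propagation over procedural, network and similar-infrastructure channels. The following Python sketch is an added illustration of that idea and is not code from the paper; the paper's own formulas are not reproduced on this page, so the max-over-paths cascade rule, the independent-channel combination, the criticality-weighted risk score and all service and probability values below are assumptions constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Service:
    """A network service with an organization-assigned criticality (0..1)."""
    name: str
    criticality: float
    # dependents: services that rely on this one, mapped to a dependency
    # weight in 0..1 (how much of this service's loss they inherit). Assumed model.
    dependents: dict = field(default_factory=dict)


def cascade_definite_effect(services, origin, direct_effect):
    """Propagate the definite effect of a threat on `origin` to dependent services.

    Effect on a dependent = effect on its provider * dependency weight. When a
    service is reached over several paths, the largest incoming effect is kept.
    This max-over-paths rule is an assumption of this sketch, not the paper's formula.
    """
    effect = {origin: direct_effect}
    stack = [origin]
    while stack:
        provider = stack.pop()
        for dependent, weight in services[provider].dependents.items():
            propagated = effect[provider] * weight
            # Only revisit when the effect strictly grows; with weights <= 1 this
            # terminates even if the dependency graph contains cycles.
            if propagated > effect.get(dependent, 0.0):
                effect[dependent] = propagated
                stack.append(dependent)
    return effect


def propagation_probability(channels):
    """Combine per-channel probabilities (procedural, network, similar infrastructure)
    into the probability that the threat reaches the service through at least one
    channel. Channels are treated as independent (assumption)."""
    p_none = 1.0
    for p in channels.values():
        p_none *= 1.0 - p
    return 1.0 - p_none


def project_situation(services, origin, direct_effect, channel_probs):
    """Return per-service definite effect, probable effect and a risk score.

    channel_probs maps service name -> {channel: probability}. The probable effect
    assumes a recurrence would hit with the same direct effect; the risk score is
    criticality * max(definite, probable). Both are assumptions of this sketch.
    """
    definite = cascade_definite_effect(services, origin, direct_effect)
    projection = {}
    for name, svc in services.items():
        d = definite.get(name, 0.0)
        p = propagation_probability(channel_probs.get(name, {})) * direct_effect
        projection[name] = {
            "definite": d,
            "probable": p,
            "risk": svc.criticality * max(d, p),
        }
    return projection


def rank_services(projection):
    """Service names ordered by descending risk score."""
    return sorted(projection, key=lambda n: projection[n]["risk"], reverse=True)


def build_example():
    """Constructed sample network (not data from the paper's evaluation tables)."""
    services = {
        "auth": Service("auth", 0.9, {"web": 0.8, "reports": 0.3}),
        "web": Service("web", 0.8, {"reports": 0.5}),
        "reports": Service("reports", 0.4),
        "mail": Service("mail", 0.6),
    }
    # Constructed channel probabilities: mail shares infrastructure with auth and
    # is reachable over the network; web shares an operational procedure with auth.
    channel_probs = {
        "mail": {"similar": 0.5, "network": 0.2},
        "web": {"procedural": 0.3},
    }
    # Threat observed on auth with a definite direct effect of 1.0 (service lost).
    return project_situation(services, "auth", 1.0, channel_probs)


if __name__ == "__main__":
    proj = build_example()
    for name in rank_services(proj):
        print(f"{name:8s} definite={proj[name]['definite']:.2f} "
              f"probable={proj[name]['probable']:.2f} risk={proj[name]['risk']:.2f}")
```

In the constructed scenario the definite effect reaches `reports` over two paths (directly from `auth` with weight 0.3, and via `web` with 0.8 × 0.5 = 0.4), so the larger value is kept; `mail` has no dependency on `auth` and receives no definite effect, yet ranks above `reports` because its projected recurrence probability (0.6) combined with its criticality is higher. That separation of "what has certainly happened" from "what is likely to happen next" is the distinction the abstract draws.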


Author information

Correspondence to Mahdieh Safarzadehvahed.

A Appendix A

The following tables list the services, organization properties, network and procedural propagation probabilities, and the summary of threats used in the evaluation. The terms used in the tables are introduced in detail in Sect. 3.

Table 2. Service Information
Table 3. Network Probability Propagation
Table 4. Organization Information
Table 5. Procedural Probability Propagation
Table 6. Summary of Threats and Results


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper


Cite this paper

Safarzadehvahed, M., Abazari, F., Shabani, F. (2023). QR-SACP: Quantitative Risk-Based Situational Awareness Calculation and Projection Through Threat Information Sharing. In: Meng, W., Yan, Z., Piuri, V. (eds) Information Security Practice and Experience. ISPEC 2023. Lecture Notes in Computer Science, vol 14341. Springer, Singapore. https://doi.org/10.1007/978-981-99-7032-2_11


  • DOI: https://doi.org/10.1007/978-981-99-7032-2_11

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-99-7031-5

  • Online ISBN: 978-981-99-7032-2

  • eBook Packages: Computer Science (R0)
