Evaluation of Computer Network
1 St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences (SPIIRAS), 39, 14 Liniya, St. Petersburg, 199178, Russia
2 St. Petersburg National Research University of Information Technologies, Mechanics and Optics, Kronverkskiy prospekt, Saint-Petersburg, Russia
The paper addresses the security assessment problem. The authors propose an approach to security assessment based on attack graphs that can be implemented in contemporary Security Information and Event Management (SIEM) systems. The key feature of the approach is a security metrics system built on the differentiation of the input data used for metric calculation: static data about the network and its vulnerabilities on one side, and, among other inputs, current events collected by the SIEM system on the other. The proposed metrics form the basis for cyber situational awareness and reflect the current security situation, including the development of attacks in progress, attack sources and targets, and the characteristics of the attackers. The technique is demonstrated on a case study.
Keywords: cyber situational awareness, security metrics, security metrics taxonomy, attack graphs, security incidents, SIEM systems.
Corresponding author: Igor Kotenko. Tel: +7 (812) 328-71-81, Web: http://www.comsec.spb.ru/
Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 5, No. 3, pp. 14-29, September 2014.
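The abstract's central idea, differentiating the input data of the metrics so that the same attack-graph metrics are computed once from static data and again once SIEM events confirm attack steps, can be illustrated with a small worked example. The code below is an added illustration by the editor, not the paper's implementation or its metric set. Everything in it is hypothetical: the five-node attack graph, the prior success probabilities (stand-ins for the vulnerability-derived inputs the paper refers to), the event records, and the three metrics (reach probability, attack source, attack development) chosen here to mirror the "development of attacks, attack sources and targets" the abstract lists.

```python
"""Attack-graph metrics recomputed as SIEM events arrive (editor's example).

Static assessment uses only the prior success probability of each attack
step.  Dynamic assessment fixes the steps already confirmed by SIEM events
to probability 1.0 and recomputes everything downstream from them.
All data below is constructed for the illustration.
"""
from functools import reduce

# Attack graph (constructed): node -> (prior success probability, predecessors).
# A node is reachable when any predecessor was reached and the step succeeds.
ATTACK_GRAPH = {
    "A_phish_user":          (0.6, []),
    "B_exec_on_workstation": (0.9, ["A_phish_user"]),
    "C_exploit_fileserver":  (0.5, ["B_exec_on_workstation"]),
    "D_escalate_fileserver": (0.7, ["C_exploit_fileserver"]),
    "E_exfiltrate_data":     (0.8, ["D_escalate_fileserver"]),
}

# SIEM events (constructed): each names the attack-graph node it confirms.
SIEM_EVENTS = [
    {"ts": "2014-09-01T10:00:00Z", "source": "mail-gw", "node": "A_phish_user"},
    {"ts": "2014-09-01T10:05:00Z", "source": "edr", "node": "B_exec_on_workstation"},
]


def topological_order(graph):
    """Nodes ordered so that every node follows all of its predecessors."""
    order, seen = [], set()

    def visit(n):
        if n in seen:
            return
        seen.add(n)
        for p in graph[n][1]:
            visit(p)
        order.append(n)

    for n in graph:
        visit(n)
    return order


def reach_probabilities(graph, observed=frozenset()):
    """Probability that the attacker reaches each node.

    Nodes in `observed` (confirmed by events) are fixed to 1.0; any other
    node is reached if its own step succeeds and at least one predecessor
    was reached: prior * (1 - prod(1 - P(pred))).  Entry nodes use the prior.
    """
    prob = {}
    for n in topological_order(graph):
        prior, preds = graph[n]
        if n in observed:
            prob[n] = 1.0
        elif not preds:
            prob[n] = prior
        else:
            none_reached = reduce(lambda acc, p: acc * (1.0 - prob[p]), preds, 1.0)
            prob[n] = prior * (1.0 - none_reached)
    return prob


def depth(graph):
    """Longest-path depth of each node (1 for entry nodes)."""
    d = {}
    for n in topological_order(graph):
        d[n] = 1 + max((d[p] for p in graph[n][1]), default=0)
    return d


def ancestors(graph, node):
    """All nodes from which `node` can be reached."""
    out, stack = set(), list(graph[node][1])
    while stack:
        p = stack.pop()
        if p not in out:
            out.add(p)
            stack.extend(graph[p][1])
    return out


def attack_development(graph, target, observed):
    """(confirmed steps, total steps) along the longest path towards target."""
    d = depth(graph)
    confirmed = (ancestors(graph, target) | {target}) & set(observed)
    return max((d[n] for n in confirmed), default=0), d[target]


def assess(graph, events):
    """Static and event-driven views of the same attack graph, side by side."""
    observed = frozenset(e["node"] for e in events)
    d = depth(graph)
    # Targets: nodes that are nobody's predecessor (sinks of the graph).
    targets = [n for n in graph if not any(n in graph[m][1] for m in graph)]
    return {
        "observed": sorted(observed),
        "attack_source": min(observed, key=d.__getitem__) if observed else None,
        "static": reach_probabilities(graph),
        "dynamic": reach_probabilities(graph, observed),
        "development": {t: attack_development(graph, t, observed) for t in targets},
    }


if __name__ == "__main__":
    r = assess(ATTACK_GRAPH, SIEM_EVENTS)
    for n in ATTACK_GRAPH:
        print(f"{n:24s} static={r['static'][n]:.4f}  dynamic={r['dynamic'][n]:.4f}")
    print("source:", r["attack_source"], " development:", r["development"])
```

Running it shows the point of the input-data split: from static data alone the exfiltration target is reached with probability 0.1512, but once the two SIEM events confirm the phishing click and code execution on the workstation, the same metric becomes 0.28, the attack source is identified as the phishing step, and the attack is reported as 2 of 5 steps developed. A real deployment would also have to handle events that do not map cleanly to a graph node and false positives; this example assumes a clean mapping.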