Evaluation of Computer Network Security
based on Attack Graphs and Security Event Processing


Igor Kotenko 1,2,+ and Elena Doynikova 1


1 Laboratory of Computer Security Problems

St. Petersburg Institute for Informatics and Automation (SPIIRAS)

39, 14 Liniya, St. Petersburg, 199178, Russia

{ivkote, doynikova}@comsec.spb.ru

2 St. Petersburg National Research University of Information Technologies, Mechanics and Optics

49, Kronverkskiy prospekt, Saint-Petersburg, Russia


Abstract

The paper is devoted to the security assessment problem. The authors suggest an approach to security assessment based on attack graphs that can be implemented in contemporary Security Information and Event Management (SIEM) systems. The key feature of the approach is the application of the developed system of security metrics, which is based on differentiating the input data used for the metric calculations. The input data include, among others, current events from the SIEM system. The proposed metrics form the basis for security awareness and reflect the current security situation, including the development of attacks, attack sources and targets, and attacker characteristics. The suggested technique is demonstrated on a case study.

Keywords: cyber situational awareness, security metrics, security metrics taxonomy, attack graphs, security incidents, SIEM systems.


+ Corresponding author: Igor Kotenko

Tel: +7(812) 328-71-81, Web: http://www.comsec.spb.ru/


Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 5, No. 3, pp. 14-29, September 2014