Evaluation of Computer Network Security

St. Petersburg Institute for Informatics and Automation (SPIIRAS)
39, 14 Liniya, St. Petersburg, 199178, Russia
{ivkote, doynikova}@comsec.spb.ru

St. Petersburg National Research University of Information Technologies, Mechanics and Optics
49, Kronverkskiy prospekt, Saint-Petersburg, Russia

Abstract

The paper is devoted to the security assessment problem. The authors suggest an approach to security assessment based on attack graphs that can be implemented in contemporary Security Information and Event Management (SIEM) systems. The key feature of the approach is the application of the developed security metrics system, which is based on the differentiation of the input data for the metrics calculations. The input data includes, among others, current events from the SIEM system. The proposed metrics form the basis for security awareness and reflect the current security situation, including the development of attacks, attack sources and targets, and attackers' characteristics. The suggested technique is demonstrated on a case study.

Keywords: cyber situational awareness, security metrics, security metrics taxonomy, attack graphs, security incidents, SIEM systems.

Corresponding author: Igor Kotenko, Tel: +7(812) 328-71-81, Web: http://www.comsec.spb.ru/

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), Vol. 5, No. 3, pp. 14-29, September 2014