Continuous Monitoring System Based on Systems' Environment

Eli Weintraub, Yuval Cohen

Abstract


We present a new framework (and its mechanisms) for a Continuous Monitoring System (CMS) with new, improved capabilities, and discuss its requirements and implications. The CMS is based on the real-time actual configuration of the system and its environment rather than on a theoretical or assumed configuration. Moreover, the CMS predicts organizational damage by taking into account chains of impacts among system components generated by messaging among software components. In addition, the CMS takes into account all organizational effects of an attack. Its risk measurement takes into account the consequences of a threat, as defined in risk analysis standards. Loss prediction is based on a neural network algorithm with learning and improvement capabilities, rather than on a fixed algorithm, which typically lacks the necessary dynamic environmental updates. The framework presentation includes the system design, the neural network architecture design, and an example of the detailed network architecture.

Keywords


Continuous Monitoring, Computer security, Attack graph, Software vulnerability, Risk management, Impact propagation, Cyber attack, Configuration management






This work is licensed under a Creative Commons Attribution 4.0 International License.


(c) 2006-2015 Association of Digital Forensics, Security and Law