Xiaoyan Sun
ABSTRACT
Cyber attacks inevitably generate impacts towards relevant missions. However, concrete methods to accurately evaluate such impacts are rare. In this paper, we propose a probabilistic approach based on Bayesian networks for quantitative mission impact assessment. A System Object Dependency Graph (SODG) is first built to capture the intrusion propagation process at the low operating system level. On top of the SODG, a mission-task-asset (MTA) map can be established to associate the system objects with corresponding tasks and missions. Based on the MTA map, a Bayesian network can be constructed to leverage the collected intrusion evidence and infer the probabilities of tasks and missions being tainted. This approach is promising for effective quantitative mission impact assessment.
- Gabriel Jakobson. Mission Cyber Security Situation Assessment Using Impact Dependency Graphs.Google Scholar
- Jun Dai, Xiaoyan Sun, Peng Liu, Nicklaus Giacobe. Gaining Big Picture Awareness through an Interconnected Cross-layer Situation Knowledge Reference Model. 2012 ASE International Conference on Cyber Security, Washington DC, 2012 Google ScholarDigital Library
- Tripwire. http://www.tripwire.com/.Google Scholar
- Snort. https://www.snort.org/.Google Scholar
- Tcpdump. http://www.tcpdump.org/.Google Scholar
- S. T. King, and P. M. Chen. Backtracking intrusions. ACM SIGOPS, 2003. Google ScholarDigital Library
- X. Xiong, X. Jia, and P. Liu. Shelf: Preserving business continuity and availability in an intrusion recovery system. ACSAC, 2009. Google ScholarDigital Library
- J. Dai, X. Sun, and P. Liu. Patrol: Revealing zero-day attack paths through network-wide system object dependencies. ESORICS, 2013.Google ScholarCross Ref
- A. Natarajan, P. Ning, Y. Liu, S. Jajodia, and S.E. Hutchinson. NSDMiner: Automated discovery of Network Service Dependencies. In Proceeding of IEEE International Conference on Computer Communications, 2012.Google ScholarCross Ref
- Barry Peddycord III, Peng Ning, and Sushil Jajodia. On the accurate identifi- cation of network service dependencies in distributed systems. In USENIX Association Proceedings of the 26th international conference on Large Installation System Administration: strategies, tools, and techniques, 2012. Google ScholarDigital Library
- Rodrigo Fonseca, George Porter, Randy H. Katz, Scott Shenker, and Ion Stoica. X-trace: A pervasive network tracing framework. In USENIX Association Proceedings of the 4th USENIX conference on Networked systems design and implementation, 2007. Google ScholarDigital Library
- Paul Barham, Richard Black, Moises Goldszmidt, Rebecca Isaacs, John MacCormick, Richard Mortier, and Aleksandr Simma. Constellation: automated discovery of service and host dependencies in networked systems. In TechReport MSR-TR-2008--67, 2008.Google Scholar
- Jun Dai. Gaining Big Picture Awareness in Enterprise Cyber Security Defense. Ph.D. dissertation, 2014.Google Scholar
- S. Musman, A. Temin, M. Tanner, D. Fox, and B. Pridemore. Evaluating the Impact of Cyber Attacks on Missions. MITRE Technical Paper 09--4577, July 2010.Google Scholar
- Alberts C., et al. (2005). Mission Assurance Analysis Protocol (MAAP): Assessing Risk in Complex Environments. Carnegie Mellon University/SEI-2005-TN-032. Pittsburgh, PA: Carnegie Mellon University.Google Scholar
- Watters J., et al. (2009). The Risk-to-Mission Assessment Process (RiskMAP): A Sensitivity Analysis and an Extension to Treat Confidentiality Issues.Google Scholar
- P. Xie, J. H. Li, X. Ou, P. Liu, and R. Levy. Using Bayesian networks for cyber security analysis. DSN, 2010.Google Scholar
- X. Ou, W. F. Boyer, and M. A. McQueen. A scalable approach to attack graph generation. ACM CCS, 2006. Google ScholarDigital Library
- X. Ou, S. Govindavajhala, and A. W. Appel. MulVAL: A Logic-based Network Security Analyzer. USENIX security, 2005. Google ScholarDigital Library
- Xiaoyan Sun, Jun Dai, Anoop Singhal, Peng Liu. Inferring the Stealthy Bridges between Enterprise Network Islands in Cloud Using Cross-Layer Bayesian Networks 10th International Conference on Security and Privacy in Communication Networks (SecureComm 2014), Beijing, ChinaGoogle Scholar
- M. Fong, P. Porras, and A. Valdes. A Mission- Impact-Based Approach to INFOSEC Alarm Correlation. Proceedings Recent Advances in Intrusion Detection. Zurich, Switzerland, October 2002. Google ScholarDigital Library
Index Terms
- Who Touched My Mission: Towards Probabilistic Mission Impact Assessment
Recommendations
Improving the cyber incident mission impact assessment (CIMIA) process
CSIIRW '08: Proceedings of the 4th annual workshop on Cyber security and information intelligence research: developing strategies to meet the cyber security and information intelligence challenges aheadDespite our best efforts to secure our cyberspace; we inevitably experience incidents in the cyber domain which result in the loss of the confidentiality, integrity, or availability of a cyber resource. When a cyber incident occurs, we must quickly and ...
Flight mission scenario generation with knowledge-based system
IEA/AIE '88: Proceedings of the 1st international conference on Industrial and engineering applications of artificial intelligence and expert systems - Volume 1ScenGen (FLIGHT MISSION ScenARIO GenERATOR) is a prototype knowledge based system being developed at Boeing for the Flight Crew Operations Requirements Group. The main objective of ScenGen is to provide a system which utilizes the tools and problem ...
Voyager mission telecommunication firsts
The communications firsts of the National Aeronautics and Space Administration (NASA) Voyager mission are discussed. These include achievements in radio telemetry with regard to distance, the spacecraft hardware, and the earth-based part of the system. ...
Comments