Abstract

Frequent attacks show that no information system is absolutely safe and that security capabilities are relative. Security resilience is therefore a complementary priority: it improves an information system's ability to keep delivering service and to stay secure in the face of attacks that exploit unknown vulnerabilities and backdoors. Endogenous security defense technology has become an important research direction for improving the security resilience of information systems. However, research on evaluation models for information system security resilience has limitations, such as a lack of indexes that characterize the system's security resilience in an attack environment. In this paper, a security resilience enhancement strategy based on dynamic defense is constructed to improve the security performance of the system through IP port hopping and attack surface conversion. To capture the adversarial behaviors of attackers and defenders, we propose a security resilience metric framework based on the evolution of attack and defense scenarios, which is evaluated using a resilient security evaluation model based on the fuzzy Choquet integral. In the model, the weights of the evaluation indicators are calculated with the DEMATEL method. The 2-additive fuzzy measures of each indicator are then calculated from these weights, and the security performance of the system is calculated using the fuzzy Choquet integral. Absorptive capacity, adaptive capacity, and a resilience factor are proposed to check the validity of the metric framework. Finally, a Web service system that had undergone the endogenous security transformation was built as the experimental simulation scenario, and four groups of control cases were created on it. Experimental simulation results show the superiority of the proposed metric model.
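The aggregation step described in the abstract, as an added example that is not taken from the paper: a Choquet integral over a 2-additive fuzzy measure, written in the standard interaction-index form. The indicator names, the importance weights (stand-ins for DEMATEL output), the interaction values and the scores are all constructed for illustration.

```python
from itertools import combinations

def choquet_2additive(scores, weights, interaction):
    """Choquet integral w.r.t. a 2-additive fuzzy measure.

    scores      : {indicator: normalised score in [0, 1]}
    weights     : {indicator: importance (Shapley value)}, must sum to 1
    interaction : {(i, j): I_ij}; > 0 complementary, < 0 redundant
    """
    names = sorted(scores)
    if abs(sum(weights[n] for n in names) - 1.0) > 1e-9:
        raise ValueError("importance weights must sum to 1")
    load = dict.fromkeys(names, 0.0)  # sum over j of |I_ij|, per indicator
    total = 0.0
    for i, j in combinations(names, 2):
        I = interaction.get((i, j), interaction.get((j, i), 0.0))
        load[i] += abs(I)
        load[j] += abs(I)
        if I > 0:    # complementary pair: credited only for the weaker score
            total += I * min(scores[i], scores[j])
        elif I < 0:  # redundant pair: the stronger score is enough
            total += -I * max(scores[i], scores[j])
    for n in names:
        linear = weights[n] - 0.5 * load[n]
        if linear < -1e-12:  # the measure would not be monotone
            raise ValueError(f"interactions too strong for weight of {n!r}")
        total += linear * scores[n]
    return total

# Constructed sample data (not from the paper).
WEIGHTS = {"availability": 0.5, "latency": 0.3, "integrity": 0.2}
INTERACTION = {("availability", "latency"): -0.2,
               ("availability", "integrity"): 0.1}
UNDER_ATTACK = {"availability": 0.4, "latency": 0.8, "integrity": 0.7}

def weighted_sum(scores, weights):
    """Plain additive aggregation, for comparison."""
    return sum(weights[n] * scores[n] for n in scores)

if __name__ == "__main__":
    print("Choquet     :", round(choquet_2additive(UNDER_ATTACK, WEIGHTS, INTERACTION), 3))
    print("Weighted sum:", round(weighted_sum(UNDER_ATTACK, WEIGHTS), 3))
```

With all interactions set to zero the result equals the weighted sum, so any gap between the two printed figures comes entirely from the modelled interaction between indicators.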
