Abstract

At present, the only suitable option for risk assessment systems designed with real-time constraints in mind seems to be the one based on attack graphs. Even though it is not computationally feasible in every circumstance, it is flexible enough for the usual use case. Paper [8] proposes an interesting approach based on attack graphs. An attack graph is a graph that represents all possible sequences of the attacker's actions that lead him/her to the established goals. These action sequences are also called attack traces. The main disadvantage of this approach is its high computational complexity. Thus, attack modeling needs to represent not only the sequences of actions, but also the attack impact, as well as how countermeasures can mitigate this impact and at what cost. However, the human body, through its immune system, calculates risk every second in order to offer the correct immune response to foreign threats without hampering normal cell operation. Why not use this behavior in cyber defense systems? Applying Matzinger's danger theory, with its key concept of a distress signal, to risk assessment seems to be the logical decision, due to its light resource consumption and categorical nature, which rapidly defines an attack surface when correlating information gathered from local agents dispersed on protected hosts. As a proof of concept in support of this idea, a feed-forward neural network trained with backpropagation was set up to correlate threat data from agents installed on remote protected hosts. This intelligent system assesses the risk of a cyber-attack taking place and brings the defense systems to an alarmed state in a timely manner, which can help offer a quick response against an attacker.
