Abstract

The impact quantification of attacks and security countermeasures is an active research in the information and communications technology domain. Supporters of the Return On Investment (ROI), and all its variants, propose quantitative models that estimate their parameters based on expert knowledge, statistical data, simulation and risk assessment tools. Although results are used for relative comparisons, a great level of subjectivity is considered while estimating each parameter composing the model. In single attack scenarios, the use of cost sensitive metrics allows the evaluation and selection of security countermeasures. However, for attack attacks against critical infrastructures, this approach is not accurate enough to determine the impact of the equipment(s), subject(s), and/or action(s) that take part in a security incident. This paper proposes, therefore, a geometrical model that represents the volume of systems, attacks and countermeasures based on a three-dimensional coordinate system (i.e., user, channel, and resource). As a result, volumes are related to risks, making it possible to select optimal countermeasures against complex attacks based on a cost-sensitive metric. A case study on a critical infrastructure control process is provided at the end of the paper to show the applicability of our model in a scenario with two attacks.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.