Abstract
Cyberattacks targeting ICT systems are becoming more sophisticated and disruptive every day. Such malevolent actions are performed by ill-motivated entities (governments, states, administrations, etc.), often featuring almost unlimited resources, but also by skilled individuals, thanks to the accessibility of the attacks' source code. In this alarming scenario, selecting the optimal set of countermeasures to deploy against those attacks becomes a primary necessity. While significant effort has been made toward standardizing the representation of security-related knowledge such as vulnerabilities, weaknesses, and attacks, the intelligence surrounding the countermeasures field has received considerably less attention. The paper at hand aims to contribute to the reaction ecosystem by proposing a standard representation of countermeasure instances. With this proposition, we address one of the critical challenges found in the literature, namely the absence of a commonly shared definition of remediations. To demonstrate the feasibility of our approach, we present several scenarios in which relevant countermeasures are efficiently enforced, mitigating the ongoing cyberthreat. Then, the advantages and disadvantages of our proposal are extensively discussed, opening the debate for novel and effective contributions in this research line.
Notes
ISO/IEC 27002:2005 Code of practice for information security management. https://www.iso.org/standard/50297.html.
AJP-5, Allied Joint Doctrine for the Planning of Operations, https://nso.nato.int/nso/.
CVSS, common vulnerabilities scoring system. https://www.first.org/cvss.
MITRE ATT&CK. https://attack.mitre.org/.
Acknowledgements
This work has been partially supported by an FPU Predoctoral Contract granted by the University of Murcia, by a Ramón y Cajal Research Contract (RYC-2015-18210) granted by the MINECO (Spain) and co-funded by the European Social Fund and by SAFEMAN: A Unified Management Framework for Cybersecurity and Safety in the Manufacturing Industry (RTI2018-095855-B-I00).
Ethics declarations
Conflict of interest
The authors declare that they have no known competing financial interests or personal relationships that could have appeared to influence the work reported in this paper.
Cite this article
Nespoli, P., Gómez Mármol, F. & Maestre Vidal, J. Battling against cyberattacks: towards pre-standardization of countermeasures. Cluster Comput 24, 57–81 (2021). https://doi.org/10.1007/s10586-020-03198-9