Intelligent Decision Support for Cybersecurity Incident Response Teams: Autonomic Architecture and Mitigation Search

Bibliographic details
Main author: Correa, Camilo
Publication date: 2022
Other authors: Robin, Jacques; Mazo, Raul; Abreu, Salvador
Document type: Article
Language: por
Publisher: Springer
Access rights: open access
Source: Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos)
Full text: http://hdl.handle.net/10174/33362
Citation: Correa, C., Robin, J., Mazo, R., Abreu, S. (2022). Intelligent Decision Support for Cybersecurity Incident Response Teams: Autonomic Architecture and Mitigation Search. In: Luo, B., Mosbah, M., Cuppens, F., Ben Othmane, L., Cuppens, N., Kallel, S. (eds) Risks and Security of Internet and Systems. CRiSIS 2021. Lecture Notes in Computer Science, vol 13204. Springer, Cham.
DOI: https://doi.org/10.1007/978-3-031-02067-4_6
Abstract: Critical infrastructures must be able to mitigate, at runtime, suspected ongoing cyberattacks that have eluded preventive security measures. To tackle this issue, we first propose an autonomic computing architecture for a Cyber-Security Incident Response Team Intelligent Decision Support System (CSIRT-IDSS) with a precise set of technologies for each of its components. We then zoom in on the component responsible for proposing to the CSIRT automatically ranked sets of runtime actions to mitigate suspected ongoing cyberattacks. We formalize its task as a Constraint Optimization Problem (COP). We then propose to implement it as a Constraint Object-Oriented Logic Program (COOLP) deployed as a containerized web service, through the integration of three orthogonal extensions of Logic Programming (LP): Web Service Oriented LP (WSOLP), Constraint LP (CLP) and Object-Oriented LP (OOLP). This integration supports seamlessly reusing platform- and task-independent cybersecurity ontological knowledge to dynamically build a mitigation action search COP that is customized to an input suspected cyberattack action set. This customization then allows the COP to be solved by a generic CLP engine efficiently enough to propose mitigation actions to the CSIRT while they can still be effective. To validate this approach, we implemented a prototype called CARMAS (Cyber Attack Runtime Mitigation Action Search) and ran scalability tests on simulated attacks with various COP construction strategies.
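To make the abstract's central idea concrete, the following is an added illustration (not CARMAS code and not the paper's actual COP model, which is not reproduced on this page) of what "build a mitigation action search COP customized to an input suspected attack action set, then solve and rank" can look like in the small. The mitigation catalogue, the attack action names, the cost and impact scores, the pairwise conflicts and the impact budget are all constructed for the example; the paper's own variables, constraints and objective may differ. The solver is a brute-force enumeration rather than a CLP engine, which is enough to show the structure of the problem: hard constraints (every suspected action must be covered, conflicting mitigations cannot co-occur, total service impact stays under a budget) and an objective that ranks the feasible mitigation sets.

```python
"""Mitigation-action selection sketched as a small constraint optimization
problem (COP). Added example, not CARMAS code. Every name, score and
relation below is constructed for illustration."""
from dataclasses import dataclass
from itertools import combinations


@dataclass(frozen=True)
class Mitigation:
    name: str
    covers: frozenset  # suspected attack actions this mitigation neutralizes
    cost: int          # CSIRT effort to apply it (constructed scale 1-5)
    impact: int        # disruption to the protected service (constructed scale 1-9)


# Constructed, platform-independent catalogue standing in for the
# "ontological knowledge" the abstract refers to.
CATALOG = [
    Mitigation("block_src_ip", frozenset({"bruteforce_ssh", "port_scan"}), 1, 1),
    Mitigation("disable_account", frozenset({"bruteforce_ssh", "lateral_rdp"}), 2, 3),
    Mitigation("isolate_host", frozenset({"lateral_rdp", "c2_beacon"}), 3, 5),
    Mitigation("sinkhole_c2_domain", frozenset({"c2_beacon"}), 1, 1),
    Mitigation("full_network_quarantine",
               frozenset({"bruteforce_ssh", "port_scan", "lateral_rdp", "c2_beacon"}), 2, 9),
]

# Constructed hard constraint: these pairs must never be selected together.
CONFLICTS = {frozenset({"isolate_host", "full_network_quarantine"})}


def build_cop(attack_actions, catalog=CATALOG):
    """Customize the COP to the input attack action set: only mitigations
    that cover at least one suspected action become decision variables."""
    relevant = [m for m in catalog if m.covers & attack_actions]
    return attack_actions, relevant


def feasible(selection, attack_actions, max_impact):
    """Hard constraints: full coverage, no conflicting pair, impact budget."""
    names = {m.name for m in selection}
    covered = frozenset().union(*(m.covers for m in selection)) if selection else frozenset()
    if not attack_actions <= covered:
        return False
    if any(pair <= names for pair in CONFLICTS):
        return False
    return sum(m.impact for m in selection) <= max_impact


def objective(selection):
    """Lower is better: CSIRT effort plus service disruption."""
    return sum(m.cost + m.impact for m in selection)


def search(attack_actions, max_impact=8):
    """Enumerate every subset of the relevant mitigations, keep the feasible
    ones and return them ranked by objective (best first). A CLP engine
    would prune this search; exhaustive enumeration is used here only to
    keep the example self-contained."""
    attack_actions, relevant = build_cop(frozenset(attack_actions))
    solutions = []
    for k in range(1, len(relevant) + 1):
        for sel in combinations(relevant, k):
            if feasible(sel, attack_actions, max_impact):
                solutions.append((objective(sel), tuple(sorted(m.name for m in sel))))
    solutions.sort()
    return solutions


if __name__ == "__main__":
    # Constructed suspected attack action set fed in by the detection side.
    for score, names in search(["bruteforce_ssh", "c2_beacon"]):
        print(score, names)
```

The ranked list is what a CSIRT-facing decision support component would present; the cheapest feasible set comes first, and raising or lowering `max_impact` shows how a single operational constraint reshapes the proposals (a too-tight budget yields no feasible set at all, which the CSIRT also needs to see).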