Intelligent Decision Support for Cybersecurity Incident Response Teams: Autonomic Architecture and Mitigation Search
Main author: | Correa, Camilo |
---|---|
Publication date: | 2022 |
Other authors: | Robin, Jacques; Mazo, Raul; Abreu, Salvador |
Document type: | Article |
Language: | por |
Source title: | Repositório Científico de Acesso Aberto de Portugal (Repositórios Científicos) |
Full text: | http://hdl.handle.net/10174/33362 https://doi.org/10.1007/978-3-031-02067-4_6 |
Citation: | Correa, C., Robin, J., Mazo, R., Abreu, S. (2022). Intelligent Decision Support for Cybersecurity Incident Response Teams: Autonomic Architecture and Mitigation Search. In: Luo, B., Mosbah, M., Cuppens, F., Ben Othmane, L., Cuppens, N., Kallel, S. (eds) Risks and Security of Internet and Systems. CRiSIS 2021. Lecture Notes in Computer Science, vol 13204. Springer, Cham. https://doi.org/10.1007/978-3-031-02067-4_6 |
Abstract: | Critical infrastructures must be able to mitigate, at runtime, suspected ongoing cyberattacks that have eluded preventive security measures. To tackle this issue, we first propose an autonomic computing architecture for a Cyber-Security Incident Response Team Intelligent Decision Support System (CSIRT-IDSS) with a precise set of technologies for each of its components. We then zoom in on the component responsible for proposing to the CSIRT automatically ranked sets of runtime actions to mitigate suspected ongoing cyberattacks. We formalize its task as a Constraint Optimization Problem (COP). We then propose to implement it by a Constraint Object-Oriented Logic Program (COOLP) deployed as a containerized web service through the integration of three orthogonal extensions of Logic Programming (LP): Web Service Oriented LP (WSOLP), Constraint LP (CLP) and Object-Oriented LP (OOLP). This integration supports seamlessly reusing platform- and task-independent cybersecurity ontological knowledge to dynamically build a mitigation action search COP that is customized to an input suspected cyberattack action set. This customization then allows the COP to be solved by a generic CLP engine efficiently enough to propose mitigation actions to the CSIRT team while they can still be effective. To validate this approach, we implemented a prototype called CARMAS (Cyber Attack Runtime Mitigation Action Search) and ran scalability tests on simulated attacks with various COP construction strategies. |
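The mitigation search the abstract describes, as an added worked example that is not the CARMAS prototype's code (CARMAS is a constraint logic program; here a plain backtracking search stands in for the CLP engine). The attack actions, mitigation catalogue, costs and conflict rules are constructed sample data. The example separates the two steps the abstract names: customizing the COP to the input suspected-action set (dropping candidate mitigations that counter none of the suspected actions) and then solving it for a cost-ranked list of mitigation sets that cover every suspected action without combining conflicting actions.

```python
"""Toy constraint-optimisation formulation of runtime mitigation search.

Added illustration, not CARMAS code: the attack actions, mitigations, costs
and conflict rules below are constructed sample data, and the solver is a
plain backtracking search rather than a CLP engine.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple


@dataclass(frozen=True)
class Mitigation:
    name: str
    covers: FrozenSet[str]                    # suspected attack actions it counters
    cost: int                                 # operational impact, hypothetical 1..10 scale
    conflicts: FrozenSet[str] = frozenset()   # mitigations it cannot be combined with


def _m(name, covers, cost, conflicts=()):
    return Mitigation(name, frozenset(covers), cost, frozenset(conflicts))


# Constructed, task-independent catalogue standing in for the ontological
# knowledge the abstract refers to.
CATALOGUE: Dict[str, Mitigation] = {m.name: m for m in [
    _m("block_c2_domain", ["c2_beacon"], 1),
    _m("block_smb_lateral", ["lateral_movement_smb"], 3),
    _m("rotate_credentials", ["credential_dumping"], 4),
    _m("honeypot_redirect", ["c2_beacon", "lateral_movement_smb"], 5,
       conflicts=["isolate_host"]),            # cannot redirect traffic from an isolated host
    _m("isolate_host", ["credential_dumping", "lateral_movement_smb", "c2_beacon"], 9,
       conflicts=["honeypot_redirect"]),
    _m("patch_web_server", ["web_exploit"], 2),   # irrelevant to the sample input below
]}

# Constructed input: the suspected ongoing attack action set.
SUSPECTED: FrozenSet[str] = frozenset(
    {"credential_dumping", "lateral_movement_smb", "c2_beacon"})


def relevant_candidates(suspected: Set[str],
                        catalogue: Dict[str, Mitigation]) -> List[Mitigation]:
    """Customise the COP to the input: keep only mitigations that counter at
    least one suspected action, so the decision variables shrink before search."""
    return sorted((m for m in catalogue.values() if m.covers & suspected),
                  key=lambda m: m.name)


def rank_mitigations(suspected: Set[str], catalogue: Dict[str, Mitigation],
                     top_k: int = 3) -> List[Tuple[int, FrozenSet[str]]]:
    """Solve the COP: choose a set of mitigations such that
       (1) every suspected action is covered by at least one chosen mitigation,
       (2) no two chosen mitigations conflict,
    minimising total cost. Returns up to top_k minimal feasible sets, cheapest first."""
    cands = relevant_candidates(suspected, catalogue)
    feasible: List[Tuple[int, FrozenSet[str]]] = []

    def conflicts_with(m: Mitigation, chosen: List[Mitigation]) -> bool:
        return any(m.name in c.conflicts or c.name in m.conflicts for c in chosen)

    def dfs(i: int, chosen: List[Mitigation], covered: Set[str], cost: int) -> None:
        uncovered = suspected - covered
        if i == len(cands):
            if not uncovered:                          # constraint (1) satisfied
                feasible.append((cost, frozenset(m.name for m in chosen)))
            return
        # Bound: prune if the remaining candidates cannot cover what is left.
        remaining_cover = set().union(*(m.covers for m in cands[i:]))
        if not uncovered <= remaining_cover:
            return
        m = cands[i]
        if not conflicts_with(m, chosen):              # constraint (2) on inclusion
            dfs(i + 1, chosen + [m], covered | m.covers, cost + m.cost)
        dfs(i + 1, chosen, covered, cost)              # exclusion branch

    dfs(0, [], set(), 0)

    # Drop non-minimal sets (a feasible proper subset exists), then rank by
    # cost, then by size, then by name for a stable order.
    all_sets = {s for _, s in feasible}
    minimal = [(c, s) for c, s in feasible
               if not any(other < s for other in all_sets)]
    minimal.sort(key=lambda cs: (cs[0], len(cs[1]), sorted(cs[1])))
    return minimal[:top_k]


if __name__ == "__main__":
    for cost, actions in rank_mitigations(SUSPECTED, CATALOGUE):
        print(cost, sorted(actions))
```

On the sample input the cheapest set is the three targeted blocks (cost 8), followed by the two cost-9 alternatives, host isolation alone and honeypot redirection plus credential rotation; the catalogue's web-server patch never enters the search because the customization step drops it. The pruning bound (remaining candidates cannot cover what is still uncovered) is the kind of problem-specific propagation that a CLP engine gets for free from its constraint store.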
Repository record: | oai:dspace.uevora.pt:10174/33362 (RCAAP id RCAP_78f29c5ca16bfc05d872347039020fc2) |
---|---|
Published online: | 2022-04-09 (Springer) |
Deposited in repository: | 2023-01-11 |
Access rights: | open access |