Decision Support for Mission-Centric Network Security Management
|Článek ve sborníku
|NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium
|Fakulta / Pracoviště MU
|Cyber situational awareness;Decision support;Attack graph;Bayesian network;Mission resilience
|In this paper, we propose a decision support process that is designed to help network and security operators in understanding the complexity of a current security situation and decision making concerning ongoing cyber-attacks and threats. The process focuses on enterprise missions and uses a graph-based mission decomposition model that captures the missions, underlying hosts and services in the network, and functional and security requirements between them. Knowing the vulnerabilities and attacker’s position in the network, the process employs logical attack graphs and Bayesian network to infer the probability of the disruption of the confidentiality, integrity, and availability of the missions. Based on the probabilities of disruptions, the process suggests the most resilient mission configuration that would withstand the current security situation.