A Context-based Defense Model for Assessing Cyber Systems' Ability To Defend Against Known And Unknown Attack Scenarios

摘要

Presently, attackers succeed to damage different cyber systems no matter whether cyber security solutions are implemented or not. This fact can be explained by the information insufficiency regarding the attack environment and the deployed solutions, in addition to the predominant use of pre-built cyber attack databases, making the supervised system incapable of defending itself against zero-day attacks. We present in this paper an enhanced cyber defense model to assess the effectiveness of the deployed security solutions to defend against potential generated attack scenarios under various contexts (the configuration of distributed security solutions, named observer agents, the type and location of reaction systems, and the type of data visible by the deployed solutions). Furthermore, we propose a model ensuring the generation of known and unknown attack scenarios starting from the formal description of system variables and their interactions. In addition, we develop the concept of observable executable scenario that ensures the step by step observation of attack scenarios execution, the assessment of observer agents' reactions, and the detection of attack occurrence in a distributed system. The results of the conducted simulations using real case studies are presented to exemplify the proposal.