Impact Assessment Model for Distributed Adaptive Security Situation Assessment

摘要

The goal of any intrusion detection, anti-virus, firewall or other security mechanism is not simply to stop attacks, but to protect a computing resource so that the resource can continue to perform its function. A computing resource, however, is only a component of a larger system and mission. Sometimes, the efforts made to stop an attack on a resource may be as bad as the attack itself in terms of affecting the overall ability of the system to complete its mission. What is needed is a method of choosing responses to attacks on components that still allows the system to achieve its goals. We present a model of computing resources and of how the loss or degradation of resources impacts the ability of a system to complete its mission. A human or robot analyst can use the model to assess the security status of a monitored system and to allocate resources in an optimal way.