{"title":"Optimal Deployment of Security Policies: Application to Industrial Control Systems","authors":"Z. Ismail, J. Leneutre, A. Fourati","doi":"10.1109/EDCC.2018.00030","DOIUrl":null,"url":null,"abstract":"The management of security resources in a system always comes with a tradeoff. Given technical and budget constraints, the defender focuses on deploying the set of security countermeasures that offer the best level of system protection. However, optimizing the configuration and deployment of defense countermeasures for efficient attack detection and mitigation remains a challenging task. In this paper, we leverage the information present in an attack graph, representing the evolution of the state of the attacker in the system, to tackle the problem of finding the optimal security policy that offers the maximum level of system protection. Our solution can be used to assist asset owners to prioritize the deployment of security countermeasures and respond to intrusions efficiently. We validate our approach on an Advanced Metering Infrastructure (AMI) case study.","PeriodicalId":129399,"journal":{"name":"2018 14th European Dependable Computing Conference (EDCC)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2018-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2018 14th European Dependable Computing Conference (EDCC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/EDCC.2018.00030","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 1
Abstract
The management of security resources in a system always comes with a tradeoff. Given technical and budget constraints, the defender focuses on deploying the set of security countermeasures that offer the best level of system protection. However, optimizing the configuration and deployment of defense countermeasures for efficient attack detection and mitigation remains a challenging task. In this paper, we leverage the information present in an attack graph, representing the evolution of the state of the attacker in the system, to tackle the problem of finding the optimal security policy that offers the maximum level of system protection. Our solution can be used to assist asset owners to prioritize the deployment of security countermeasures and respond to intrusions efficiently. We validate our approach on an Advanced Metering Infrastructure (AMI) case study.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
