Work-in-Progress: Cybersecurity Incident Response (title not shown in full)

pdf

This presentation is part of the Works-in-Progress session, which aims to provide authors with early feedback to adjust on-going research. Manuscript titles are redacted until the work has been published.

CYBERSECURITY INCIDENT RESPONSE (full title not shown)

Cybersecurity incident response (CSIR) is an integral part of the organization’s risk management strategy to reduce the damage to the network after the initial breach. In spite of the great financial interest and the recent developments, CSIR remains a rather complex process. In particular, the existing literature lacks a quantitative approach that can effectively deal with the complex, uncertain, and rapidly changing nature of cyberattacks. In this work, we developed a model-based approach that seeks to address part of this challenge. The approach allows the defender to (i) aggregate noisy, incomplete, and sometimes conflicting information about the

attack and, without fully knowing the scope of the attack, (ii) come up with a containment plan that minimizes the impact of the attack on the network and the cost of making wrong containment decisions based on inaccurate information. We illustrated the approach using an example of a small network and discussed ideas for the future work.

Hoang Hai Nguyen is a fifth year Ph.D. student in Computer Engineering at the University of Illinois at Urbana-Champaign (UIUC). His research at UIUC lies at the intersection between network security, graph theory, probability theory, and quantitative risk.

 

Tags:
License: CC-2.5
Submitted by Hoang Hai Nguyen on