Determination of Security Threat Classes on the Basis of Vulnerability Analysis for Automated Countermeasure Selection

Title: Determination of Security Threat Classes on the Basis of Vulnerability Analysis for Automated Countermeasure Selection
Publication Type: Conference Paper
Year of Publication: 2018
Authors: Doynikova, Elena; Fedorchenko, Andrey; Kotenko, Igor
Conference Name: Proceedings of the 13th International Conference on Availability, Reliability and Security
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-6448-5
Keywords: Automated countermeasure selection, data classification, data mining, Human Behavior, Metrics, open security data sources, policy-based governance, pubcrawl, resilience, security monitoring, security threats, security weaknesses, vulnerability analysis
Abstract: Currently the task of automated security monitoring and responding to security incidents is highly relevant. The authors propose an approach to determine weaknesses of the analyzed system on the basis of its known vulnerabilities for further specification of security threats. It is relevant for the stage of determining the necessary and sufficient set of security countermeasures for specific information systems. The required set of security response tools and means depends on the determined threats. The possibility of practical implementation of the approach follows from the connectivity between open databases of vulnerabilities, weaknesses, and attacks. The authors applied various classification methods for vulnerabilities considering values of their properties. The paper describes source data used for classification, their preprocessing stage, and the classification results. The obtained results and the methods for their enhancement are discussed.
URL: http://doi.acm.org/10.1145/3230833.3233260
DOI: 10.1145/3230833.3233260
Citation Key: doynikova_determination_2018