Proactive Damage Assessment of Cyber Attacks Using Mobile Observer Agents

One of the most critical challenges facing cyber defense nowadays is the complexity of recent released cyber-attacks, which are capable of disrupting critical industries and jeopardizing national economy. In this context, moving beyond common security approaches to make it possible to neutralize and react to security attacks at their early stages, becomes a requisite. We develop in this paper a formal model for the proactive assessment of security damages. We define a network of observer agents capable of observing incomplete information about attacks and affected cyber systems, and generating security observations useful for the identification of ongoing attack scenarios and their evolution in the future. A set of analytics are developed for the generation and management of scenario contexts as a set of measures useful for the proactive assessment of damages in the future, and the launching of countermeasures. A case study is provided to exemplify the proposal.