
Metrics for security activities assisted by argumentative logic

Tarek Bouyahia 1, 2
Lab-STICC - Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance
Abstract: The growth and diversity of services offered by modern systems make the task of securing these systems a complex exercise. On the one hand, the growth in the number of system services increases the risk of introducing vulnerabilities. These vulnerabilities can be exploited by malicious users to reach some intrusion objectives. On the other hand, the most recent competitive systems are those that ensure a certain level of performance and quality of service while maintaining the safety state. Thus, modern security systems must consider the user requirements during the security process. In addition, reacting in critical contexts against an attack after its execution cannot always mitigate the adverse effects of the attack. In these cases, security systems should be one step ahead of the attacker in order to take the necessary measures to prevent him/her from reaching his/her intrusion objective. To address those problems, we argue in this thesis that the reaction process must follow a smart reasoning. This reasoning allows the system, according to a detected attack, to anticipate the related attacks that may occur and to apply the best possible countermeasures. On the one hand, we propose an approach that generates potential attack scenarios given a detected alert. Then, we focus on the process of generating, from all system responses defined for the system, an appropriate set of countermeasures against the generated attack scenarios. A generated set of countermeasures is considered appropriate in the proposed approach if it is coherent (i.e., it does not contain conflicting countermeasures) and it satisfies security administrator requirements (e.g., performance, availability). We argue in this thesis that the reaction process can be seen as two agents arguing against each other.
On one side, the attacker chooses his arguments as a set of actions to try to reach an intrusion objective, and on the other side, the agent defending the target chooses his arguments as a set of countermeasures to block the attacker's progress or mitigate the attack effects. On the other hand, we propose an approach based on a recommender system using a Multi-Criteria Decision Making (MCDM) method. This approach assists security administrators in selecting countermeasures from the appropriate set of countermeasures generated by the first approach. The assistance process is based on the history of the security administrator's decisions. This approach also makes it possible to automatically select appropriate system responses in critical cases where the security administrator is unable to select them (e.g., outside working hours, lack of knowledge about the ongoing attack). Finally, our approaches are implemented and tested in the automotive system use case to ensure that the implementation of our approaches successfully responded to real-time constraints.

Contributor : Abes Star
Submitted on : Monday, April 30, 2018 - 10:49:06 AM
Last modification on : Monday, April 4, 2022 - 9:28:20 AM
Long-term archiving on : Tuesday, September 25, 2018 - 6:11:36 PM


Version validated by the jury (STAR)


  • HAL Id : tel-01781353, version 1


Tarek Bouyahia. Metrics for security activities assisted by argumentative logic. Cryptography and Security [cs.CR]. Ecole nationale supérieure Mines-Télécom Atlantique, 2017. English. ⟨NNT : 2017IMTA0013⟩. ⟨tel-01781353⟩


