Overview of the components of the risk monitoring system

Overview of the risk monitoring framework and its components

A very simple heat map based on 3-value impact and 3-value likelihood scales. The risk importance is defined as impact × likelihood. Risks are accepted when their importance is 5 or less (depicted by a green cell); they are to be mitigated otherwise (red cell)

Example of functionally dependent assets

Example of implicitly contained risk scenarios

Example of interdependencies resulting from security incidents and their cascade effects

Situation where security events are cyclically dependent

Graphical example of a dependency graph with probability values

Split-up of a risk scenario into multiple events, with the impact attached to the most appropriate one

The risk management process according to ISO 27005

Dependencies as an extension to the risk management process

Simple example of cyclically dependent events encoded in a graph

Execution time of Algorithm 1 in seconds, depending on the graph size n, with the precision parameter set to 0.1, the correctness parameter set to 0.01, and an average of 5 neighbours per node

Execution time of Algorithm 1 in seconds, depending on the precision of the results, with n = 500, the correctness parameter set to 0.01, and an average of 5 neighbours per node

Execution time of Algorithm 1 in seconds, depending on the correctness of the algorithm output, with n = 500, the precision parameter set to 0.1, and an average of 5 neighbours per node

Execution time of Algorithm 1 in seconds, depending on the graph sizes n and m, with the precision parameter set to 0.1 and the correctness parameter set to 0.01

Example of an overfull dependency graph

Class diagram representing the taxonomy of assets involved in a risk analysis

Anonymised network diagram of the central system architecture showing devices and their affinity to the respective networks. DSO denotes a Distribution System Operator; DMZ stands for DeMilitarised Zone; field devices include data concentrators and smart meters

Anonymised hierarchy of certificates used in the smart grid

Excerpt of the matching between applications (solid boxes) and services (dashed boxes). SIEM denotes the Security Information and Event Management appliance

Endless loop in dependencies for general Boolean formulae

A sample attack-defence tree. The dashed nodes correspond to defences that apply to the attack step above them

Risk monitoring making use of the dependency model to automatically update the risk estimates in real time

Example evolution of a dynamically reported risk factor

A notification overridden by another one, due to the enforcement parameter being set (f = true)

A notification not overridden by another one, due to its smaller value and the enforcement parameter not being set (f = false)

An intermediary risk monitoring platform for storing risk indicator values, separating agents from the risk analysis

Interaction of risk monitoring components

TRICK Service with the use of formulae

Comparison of linear and logarithmic time lines

Evolution of (quantitative) risk visualised in a logarithmic time line in TRICK Service

Note the abrupt 'jumps' for the measured data rate. This example is based on the data sets recorded by Garcia et al.

Illustration of the training attack over time, for the case of the data rate. An attacker proceeds by progressively injecting more and more packets until he eventually reaches the desired critical threshold

Instead of only increasing the traffic load, an attacker creates enough 'normal' data in-between, which outweighs (and thus hides) the malicious traffic

Illustration of typical data rates for HTTP traffic (thin black line). Note how the µ + 3·σ threshold value (thick red line) is not a good descriptor of 'normal' traffic and thus a bad candidate for detecting outliers in the traffic

Example of a two-dimensional state space divided into a grid

Work-flow of the intrusion detection system

The several steps of the training attack and how they appear at different time scales

K. Stouffer, J. Falco, and K. Scarfone, Guide to industrial control systems (ICS) security, NIST Special Publication 800-82, 2011.

R. J. Turk, Cyber incidents involving control systems, Idaho National Laboratory (INL), 2005.

M. A. McQueen, T. A. McQueen, W. F. Boyer, and M. R. Chaffin, Empirical estimates and observations of 0day vulnerabilities, 42nd Hawaii International Conference on System Sciences (HICSS'09), pp.1-12, 2009.

S. L. Laboratory, Qualitative vs. quantitative risk assessment, 2012.

L. A. Cox, D. Babayev, and W. Huber, Some limitations of qualitative risk rating systems, Risk Analysis, vol.25, issue.3, pp.651-662, 2005.

P. R. Garvey and Z. F. Lansdowne, Risk matrix: an approach for identifying, assessing, and ranking program risks, Air Force Journal of Logistics, vol.22, issue.1, pp.18-21, 1998.

M. Willhite, Establishing a program risk baseline, an annotated briefing, The MITRE Corporation, pp.1-10, 1998.

Q. Zhu, X. Kuang, and Y. Shen, Risk matrix method and its application in the field of technical project risk management, Engineering Science, vol.5, issue.1, pp.89-94, 2003.

H. Ni, A. Chen, and N. Chen, Some extensions on risk matrix approach, Safety Science, vol.48, issue.10, pp.1269-1278, 2010.

L. Cox, What's wrong with risk matrices?, Risk Analysis, vol.28, issue.2, pp.497-512, 2008.

International Organization for Standardization, ISO/IEC 27005: information security risk management, 2008.

CNIL, Privacy impact assessment (PIA) 1: methodology, 2018.

CNIL, Privacy impact assessment (PIA) 2: template, 2018.

CNIL, Privacy impact assessment (PIA) 3: knowledge bases, 2018.

M. S. Lund, B. Solhaug, and K. Stølen, Model-driven risk analysis: the CORAS approach, 2010.

Z. Yazar, A qualitative risk analysis and management tool: CRAMM, SANS InfoSec Reading Room White Paper, 2002.

Agence nationale de la sécurité des systèmes d'information (ANSSI), EBIOS: expression des besoins et identification des objectifs de sécurité, 2010.

Bundesamt für Sicherheit in der Informationstechnik (BSI), BSI-Standard 200-3: Risikomanagement, 2017.

M. A. Amutio, J. Candau, and J. Mañas, MAGERIT version 3: methodology for information systems risk analysis and management, book I: the method, 2014.

CLUSIF, MEHARI: principes fondamentaux et spécifications fonctionnelles, 2010.

C. J. Alberts and A. Dorofee, Managing information security risks: the OCTAVE approach, 2002.

ISACA, The Risk IT framework, 2009.

G. Antoniou, M. Saravanou, and V. Stavrou, An overview of risk assessment methods, 2014.

D. Ionita, Current established risk assessment methodologies and tools, 2013.

F. Macedo and M. M. da Silva, Lisboa.

International Organization for Standardization, ISO/IEC 27019: information technology, security techniques, information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry, 2013.

European Union Agency for Network and Information Security, 2017.

P. Y. Lipscy, K. E. Kushida, and T. Incerti, The Fukushima disaster and Japan's nuclear plant vulnerability in comparative perspective, Environmental Science & Technology, vol.47, issue.12, pp.6082-6088, 2013.

International Organization for Standardization, ISO/IEC 31000: risk management, 2018.

E. Luiijf, A. Nieuwenhuijs, M. Klaver, M. van Eeten, and E. Cruz, Empirical findings on critical infrastructure dependencies in Europe, International Workshop on Critical Information Infrastructures Security, pp.302-310, 2008.

S. M. Rinaldi, J. P. Peerenboom, and T. K. Kelly, Identifying, understanding, and analyzing critical infrastructure interdependencies, IEEE Control Systems, vol.21, issue.6, pp.11-25, 2001.

R. G. Little, Controlling cascading failure: understanding the vulnerabilities of interconnected infrastructures, Journal of Urban Technology, vol.9, issue.1, pp.109-123, 2002.

S. Mcgee, J. Frittmann, S. Ahn, and S. Murray, Risk relationship and cascading effects in critical infrastructures: implications for the hyogo framework, 2014.

S. Axelsson, The base-rate fallacy and the difficulty of intrusion detection, ACM Transactions on Information and System Security (TISSEC), vol.3, issue.3, pp.186-205, 2000.

T. Peng, C. Leckie, and K. Ramamohanarao, Proactively detecting distributed denial of service attacks using source ip address monitoring, International Conference on Research in Networking, pp.771-782, 2004.

D. Moore, C. Shannon, D. J. Brown, G. M. Voelker, and S. Savage, Inferring internet denial-of-service activity, ACM Transactions on Computer Systems (TOCS), vol.24, issue.2, pp.115-139, 2006.

R. K. Chang, Defending against flooding-based distributed denial-of-service attacks: a tutorial, IEEE Communications Magazine, vol.40, issue.10, pp.42-51, 2002.

A. Milenkoski, M. Vieira, S. Kounev, A. Avritzer, and B. D. Payne, Evaluating computer intrusion detection systems: a survey of common practices, ACM Computing Surveys (CSUR), vol.48, issue.1, p.12, 2015.

V. Chandola, A. Banerjee, and V. Kumar, Anomaly detection: a survey, ACM computing surveys (CSUR), vol.41, p.15, 2009.

M. Botha, R. von Solms, K. Perry, E. Loubser et al., The utilization of artificial intelligence in a hybrid intrusion detection system, Proceedings of the 2002 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on Enablement through Technology, pp.149-155, 2002.

C. Katar, Combining multiple techniques for intrusion detection, Int J Comput Sci Network Security, vol.6, issue.2B, pp.208-218, 2006.

S. Axelsson, Intrusion detection systems: a survey and taxonomy, 2000.

H. Debar, M. Dacier, and A. Wespi, Towards a taxonomy of intrusion-detection systems, Computer Networks, vol.31, issue.8, pp.805-822, 1999.

R. Sommer and V. Paxson, Outside the closed world: on using machine learning for network intrusion detection, IEEE Symposium on Security and Privacy (SP), pp.305-316, 2010.

M. Barreno, B. Nelson, R. Sears, A. D. Joseph, and J. D. Tygar, Can machine learning be secure?, Proceedings of the 2006 ACM Symposium on Information, pp.16-25, 2006.

S. Muller, Risk monitoring in industrial control systems, Advanced Data Collection and Risks (ADaCoR) Workshop, 2016.

B. Fetler and S. Muller, Dynamic risk analysis, Security Assessment for Systems, Services, and Infrastructures (SASSI) Workshop, 2015.

S. Muller, C. Harpes, Y. Le Traon, S. Gombault, J. Bonnin et al., Dynamic risk analyses and dependency-aware root cause model for critical infrastructures, Critical Information Infrastructures Security: 11th International Conference, pp.163-175, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01833589

O. Gadyatskaya, C. Harpes, S. Mauw, C. Muller, and S. Muller, Bridging two worlds: reconciling practical risk assessment methodologies with theory of attack trees, Graphical Models for Security: Third International Workshop, pp.80-93, 2016.

S. Muller, C. Harpes, and C. Muller, Fast and optimal countermeasure selection for attack defence trees, Risk Assessment and Risk-Driven Quality Assurance: 4th International Workshop, pp.53-65, 2016.

S. Muller, C. Harpes, Y. Le Traon, S. Gombault, and J. Bonnin, Efficiently computing the likelihoods of cyclically interdependent risk scenarios, Computers & Security, vol.64, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01427488

S. Muller, J. Lancrenon, C. Harpes, Y. Le Traon, S. Gombault et al., A training-resistant anomaly detection system, Computers & Security, vol.76, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01836374

X. Tong and X. Ban, A hierarchical information system risk evaluation method based on asset dependence chain, International Journal of Security and Its Applications, vol.8, issue.6, pp.81-88, 2014.

F. den Braber, I. Hogganvik, M. Lund, K. Stølen, and F. Vraalsen, Model-based security analysis in seven steps: a guided tour to the CORAS method, BT Technology Journal, vol.25, issue.1, pp.101-117, 2007.

J. Breier, Asset valuation method for dependent entities, Journal of Internet Services and Information Security, vol.4, issue.3, pp.72-81, 2014.

N. Liu, J. Zhang, and X. Wu, Asset analysis of risk assessment for IEC 61850-based power control systems, part I: methodology, IEEE Transactions on Power Delivery, vol.26, issue.2, pp.869-875, 2011.

B. Suh and I. Han, The is risk analysis based on a business model, Information & Management, vol.41, issue.2, pp.149-158, 2003.

Event tree analysis (ETA), Risk Analysis of Technological Systems, vol.3, 1995.

P. Giorgini, J. Mylopoulos, E. Nicchiarelli, and R. Sebastiani, Formal reasoning techniques for goal models, J. Data Semantics, vol.1, issue.1, pp.1-20, 2003.

E. Navarro, P. Letelier, D. Reolid, and I. Ramos, Configurable satisfiability propagation for goal, Advances in information systems development: new methods and practice for the networked society, vol.2, p.167, 2007.

B. Schneier, Attack trees, Dr. Dobb's journal, vol.24, issue.12, pp.21-29, 1999.

S. Mauw and M. Oostdijk, Foundations of attack trees, ICISC, vol.3935, pp.186-198, 2005.

S. Evans and J. Wallner, Risk-based security engineering through the eyes of the adversary, Proceedings of the Sixth Annual IEEE SMC Information Assurance Workshop (IAW'05), pp.158-165, 2005.

P. Schweitzer, Attack-defense trees, 2013.

B. Kordy, S. Mauw, S. Radomirović, and P. Schweitzer, Attack-defense trees, Journal of Logic and Computation, vol.24, issue.1, pp.55-87, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01825088

F. Baiardi and D. Sgandurra, Assessing ICT risk through a Monte Carlo method, Environment Systems and Decisions, vol.33, issue.4, pp.486-499, 2013.

T. R. Ingoldsby, Attack tree-based threat risk analysis, Amenaza Technologies Limited, pp.3-9, 2010.

L. Grunske and D. Joyce, Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles, Journal of Systems and Software, vol.81, issue.8, pp.1327-1345, 2008.

K. S. Edge, G. C. Dalton, R. A. Raines, and R. F. Mills, Using attack and protection trees to analyze threats and defenses to homeland security, Military Communications Conference, pp.1-7, 2006.

M. A. McQueen, W. F. Boyer, M. A. Flynn, and G. A. Beitel, Quantitative cyber risk reduction estimation methodology for a small SCADA control system, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06), vol.9, pp.226-226, 2006.

I. B. Utne, P. Hokstad, and J. Vatn, A method for risk modeling of interdependencies in critical infrastructures, Reliability Engineering & System Safety, vol.96, issue.6, pp.671-678, 2011.

T. W. Kwan and H. K. Leung, A risk management methodology for project risk dependencies, IEEE Transactions on Software Engineering, vol.37, issue.5, pp.635-648, 2011.

R. Dantu, K. Loper, and P. Kolan, Risk management using behavior based attack graphs, International Conference on Information Technology: Coding and Computing (ITCC 2004), vol.1, pp.445-449, 2004.

S. Fenz and M. Hudec, Ontology-based generation of Bayesian networks, International Conference on Complex, Intelligent and Software Intensive Systems (CISIS'09), pp.712-717, 2009.

B. Rahmad, S. H. Supangkat, J. Sembiring, and K. Surendro, Modeling asset dependency for security risk analysis using threat-scenario dependency, International Journal of Computer Science and Information Security, vol.10, issue.4, p.103, 2012.

N. Poolsappasit, R. Dewri, and I. Ray, Dynamic security risk management using bayesian attack graphs, IEEE Transactions on Dependable and Secure Computing, vol.9, pp.61-74, 2012.

J. Homer, X. Ou, and D. Schmidt, A sound and practical approach to quantifying security risk in enterprise networks, pp.1-15, 2009.

P. Kotzanikolaou, M. Theoharidou, and D. Gritzalis, Assessing n-order dependencies between critical infrastructures, International Journal of Critical Infrastructures, vol.6, issue.1-2, pp.93-110, 2013.

L. Wang, T. Islam, T. Long, A. Singhal, and S. Jajodia, An attack graph-based probabilistic security metric, Data and Applications Security XXII, pp.283-296, 2008.

A. Årnes, K. Sallhammar, K. Haslum, T. Brekne, M. E. Moe et al., Real-time risk assessment with network sensors and intrusion detection systems, International Conference on Computational and Information Science, pp.388-397, 2005.

K. Haslum and A. Årnes, Multisensor real-time risk assessment using continuous-time hidden Markov models, International Conference on Computational Intelligence and Security, vol.2, pp.1536-1540, 2006.

X. Tan, Y. Zhang, X. Cui, and H. Xi, Using hidden markov models to evaluate the real-time risks of network, Knowledge Acquisition and Modeling Workshop, pp.490-493, 2008.

W. Kanoun, S. Dubus, S. Papillon, and N. Cuppens-Boulahia, Towards dynamic risk management: success likelihood of ongoing attacks, Bell Labs Technical Journal, vol.17, issue.3, pp.61-78, 2012.
URL : https://hal.archives-ouvertes.fr/hal-01162078

M. Jahnke, C. Thul, and P. Martini, Graph based metrics for intrusion response measures in computer networks, Local Computer Networks, 2007. LCN 2007. 32nd IEEE Conference on, pp.1035-1042, 2007.

S. Noel, S. Jajodia, L. Wang, and A. Singhal, Measuring security risk of networks using attack graphs, International Journal of Next-Generation Computing, vol.1, issue.1, pp.135-147, 2010.

P. Xie, J. H. Li, X. Ou, P. Liu, and R. Levy, Using Bayesian networks for cyber security analysis, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp.211-220, 2010.

J. Homer and X. Ou, Sat-solving approaches to context-aware enterprise network security management, IEEE Journal on selected areas in communications, vol.27, issue.3, 2009.

A. Gehani and G. Kedem, Rheostat: real-time risk management, RAID, pp.296-314, 2004.

M. Paté-Cornell and P. J. Regan, Dynamic risk management systems: hybrid architecture and offshore platform illustration, Risk Analysis, vol.18, issue.4, pp.485-496, 1998.

W. Kanoun, N. Cuppens-Boulahia, F. Cuppens, and F. Autrel, Advanced reaction using risk assessment in intrusion detection systems, International Workshop on Critical Information Infrastructures Security, pp.58-70, 2007.
URL : https://hal.archives-ouvertes.fr/hal-00540863

M. Giannakis and M. Louis, A multi-agent based framework for supply chain risk management, Journal of Purchasing and Supply Management, vol.17, issue.1, pp.23-31, 2011.

J. Jiang, P. Wang, W. Lung, L. Guo, and M. Li, A gis-based generic real-time risk assessment framework and decision tools for chemical spills in the river basin, Journal of hazardous materials, vol.227, pp.280-291, 2012.

N. Dulac, A framework for dynamic safety and risk management modeling in complex engineering systems, 2007.

J. P. Anderson, Computer security threat monitoring and surveillance, Tech. Rep, 1980.

D. E. Denning, An intrusion-detection model, IEEE Transactions on software engineering, issue.2, pp.222-232, 1987.

R. Mitchell and I. Chen, A survey of intrusion detection techniques for cyber-physical systems, ACM Computing Surveys (CSUR), vol.46, issue.4, p.55, 2014.

B. Zhu and S. Sastry, SCADA-specific intrusion detection/prevention systems: a survey and taxonomy, Proceedings of the 1st Workshop on Secure Control Systems (SCS), vol.11, 2010.

A. L. Buczak and E. Guven, A survey of data mining and machine learning methods for cyber security intrusion detection, IEEE Communications Surveys & Tutorials, vol.18, issue.2, pp.1153-1176, 2016.

H. Brahmi, I. Brahmi, and S. B. Yahia, OMC-IDS: at the cross-roads of OLAP mining and intrusion detection, Pacific-Asia Conference on Knowledge Discovery and Data Mining, pp.13-24, 2012.
URL : https://hal.archives-ouvertes.fr/hal-01300473

L. Portnoy, E. Eskin, and S. Stolfo, Intrusion detection with unlabeled data using clustering, Proceedings of the ACM CSS Workshop on Data Mining Applied to Security (DMSA-2001), 2001.

Z. Muda, W. Yassin, M. Sulaiman, and N. Udzir, Intrusion detection based on k-means clustering and naive Bayes classification, 7th International Conference on Information Technology in Asia (CITA 11), pp.1-6, 2011.

V. Barot and D. Toshniwal, A new data mining based hybrid network intrusion detection model, Data Science & Engineering (ICDSE), 2012 International Conference on, pp.52-57, 2012.

K. Sequeira and M. Zaki, Admit: anomaly-based data mining for intrusions, Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining, pp.386-395, 2002.

A. Almalawi, Designing unsupervised intrusion detection for SCADA systems, 2014.

R. M. Elbasiony, E. A. Sallam, T. E. Eltobely, and M. M. Fahmy, A hybrid network intrusion detection framework based on random forests and weighted k-means, Ain Shams Engineering Journal, vol.4, issue.4, pp.753-762, 2013.

L. Tomlin, M. Farnam, and S. Pan, A clustering approach to industrial network intrusion detection, Proceedings of the 2016 Information Security Research and Education (INSuRE) Conference, 2016.

W. Wang, T. Guyet, R. Quiniou, M. Cordier, F. Masseglia et al., Autonomic intrusion detection: adaptively detecting anomalies over unlabeled audit data streams in computer networks, Knowledge-Based Systems, vol.70, pp.103-117, 2014.
URL : https://hal.archives-ouvertes.fr/hal-01052810

M. Ester, H. Kriegel, J. Sander, and X. Xu, A density-based algorithm for discovering clusters in large spatial databases with noise, KDD, vol.96, pp.226-231, 1996.

M. Blowers and J. Williams, Machine learning applied to cyber operations, Network Science and Cybersecurity, pp.155-175, 2014.

S. Shamshirband, A. Amini, N. B. Anuar, M. L. Kiah, Y. W. Teh et al., D-FICCA: a density-based fuzzy imperialist competitive clustering algorithm for intrusion detection in wireless sensor networks, Measurement, vol.55, pp.212-226, 2014.

A. Amini, H. Saboohi, T. Y. Wah, and T. Herawan, A fast density-based clustering algorithm for real-time Internet of Things stream, The Scientific World Journal, vol.2014, 2014.

K. Leung and C. Leckie, Unsupervised anomaly detection in network intrusion detection using clusters, Proceedings of the Twenty-eighth Australasian Conference on Computer Science, vol.38, pp.333-342, 2005.

G. R. Hendry and S. J. Yang, Intrusion signature creation via clustering anomalies, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security, International Society for Optics and Photonics, vol.6973, p.69730, 2008.

X. Wang, C. Zhang, and K. Zheng, Intrusion detection algorithm based on density, cluster centers, and nearest neighbors, China Communications, vol.13, issue.7, pp.24-31, 2016.

C. Harpes, A. Adelsbach, S. Zatti, and N. Peccia, Quantitative risk assessment with ISAMM on ESA's operations data system, Proceedings of TTC, pp.173-176, 2007.

J. Pearl, Causality: Models, Reasoning, and Inference, Cambridge University Press, 2000.

N. Idika and B. Bhargava, Extending attack graph-based security metrics and aggregating their application, IEEE Transactions on Dependable and Secure Computing, vol.9, issue.1, pp.75-85, 2012.

G. F. Cooper, The computational complexity of probabilistic inference using bayesian belief networks, Artificial intelligence, vol.42, issue.2, pp.393-405, 1990.

N. L. Zhang and D. Poole, A simple approach to bayesian network computations, Proc. of the Tenth Canadian Conference on Artificial Intelligence, 1994.

H. Kiiveri, T. P. Speed, and J. B. Carlin, Recursive causal models, Journal of the Australian Mathematical Society (Series A), vol.36, issue.01, pp.30-52, 1984.

S. Russell and P. Norvig, Artificial intelligence: a modern approach, Englewood Cliffs, 1995.

D. Grochocki, J. H. Huh, R. Berthier, R. Bobba, W. H. Sanders et al., AMI threats, intrusion detection requirements and deployment recommendations, Smart Grid Communications (SmartGridComm), pp.395-400, 2012.

ENISA, Communication network interdependencies in smart grids, 2016.

P. Clote and E. Kranakis, Boolean functions and computation models, 2013.

B. Kordy, S. Mauw, S. Radomirović, and P. Schweitzer, Attack-defense trees, Journal of Logic and Computation, p.29, 2012.
URL : https://hal.archives-ouvertes.fr/hal-01825088

B. Kordy, S. Mauw, S. Radomirović, and P. Schweitzer, Foundations of attack-defense trees, International Workshop on Formal Aspects in Security and Trust, pp.80-95, 2010.

B. Kordy, S. Mauw, M. Melissen, and P. Schweitzer, Attack-defense trees and two-player binary zero-sum extensive form games are equivalent, International Conference on Decision and Game Theory for Security, pp.245-256, 2010.

International Organization for Standardization, ISO/IEC 27002: information technology, security techniques, code of practice for information security management, 2013.

D. G. Luenberger, Introduction to linear and nonlinear programming, Reading, MA, 1973.

A. Roy, D. S. Kim, and K. S. Trivedi, Scalable optimal countermeasure selection using implicit enumeration on attack countermeasure trees, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), pp.1-12, 2012.

E. W. Dijkstra, A note on two problems in connexion with graphs, Numerische mathematik, vol.1, issue.1, pp.269-271, 1959.

M. L. Fredman and R. E. Tarjan, Fibonacci heaps and their uses in improved network optimization algorithms, Journal of the ACM (JACM), vol.34, issue.3, pp.596-615, 1987.

R. W. Floyd, Algorithm 97: shortest path, Communications of the ACM, vol.5, issue.6, p.345, 1962.

KDD Cup, 1999.

E. Cole, Advanced persistent threat: understanding the danger and how to protect your organization, 2012.

S. Garcia, M. Grill, J. Stiborek, and A. Zunino, An empirical comparison of botnet detection methods, Computers & Security, vol.45, pp.100-123, 2014.

R. Berthier, D. I. Urbina, A. A. Cárdenas, M. Guerrero, U. Herberg et al., On the practicality of detecting anomalies with encrypted traffic in AMI, Smart Grid Communications (SmartGridComm), pp.890-895, 2014.

D. Wagner and P. Soto, Mimicry attacks on host-based intrusion detection systems, Proceedings of the 9th ACM Conference on Computer and Communications Security, pp.255-264, 2002.

Digital Corpora, M57 patents, 2009.

J. A. Silva, E. R. Faria, R. C. Barros, E. R. Hruschka, A. C. De-carvalho et al., Data stream clustering: a survey, ACM Computing Surveys (CSUR), vol.46, issue.1, p.13, 2013.

Y. Chen and L. Tu, Density-based clustering for real-time stream data, Proceedings of the 13th ACM SIGKDD international conference on Knowledge discovery and data mining, pp.133-142, 2007.

K. Udommanetanakit, T. Rakthanmanon, and K. Waiyamai, E-stream: evolution-based technique for stream clustering, Advanced Data Mining and Applications, pp.605-615, 2007.

Digital Corpora, Nitroba university harassment scenario, 2008.

Netresec AB, 4SICS Geek Lounge SCADA network capture, 2015.

S. Mirzaie, A. K. Elyato, and M. A. Sarram, Preventing of SYN flood attack with iptables firewall, Second International Conference on Communication Software and Networks (ICCSN'10), pp.532-535, 2010.

M. Ihde and W. H. Sanders, Barbarians in the gate: an experimental validation of nic-based distributed firewall performance and flood tolerance, Dependable Systems and Networks, 2006. DSN 2006. International Conference on, pp.209-216, 2006.

J. Jung, V. Paxson, A. W. Berger, and H. Balakrishnan, Fast portscan detection using sequential hypothesis testing, Proceedings of the 2004 IEEE Symposium on Security and Privacy, pp.211-225, 2004.

A. Sridharan, T. Ye, and S. Bhattacharyya, Connectionless port scan detection on the backbone, Performance, Computing, and Communications Conference, 2006. IPCCC 2006. 25th IEEE International, p.10, 2006.

C. B. Lee, C. Roedel, and E. Silenok, Detection and characterization of port scan attacks, 2003.

L. Aniello, G. Lodi, and R. Baldoni, Inter-domain stealthy port scan detection through complex event processing, Proceedings of the 13th European Workshop on Dependable Computing, pp.67-72, 2011.

S. C. Lee and D. V. Heinbuch, Training a neural-network based intrusion detector to recognize novel attacks, IEEE Transactions on systems, man, and Cybernetics-Part A: Systems and Humans, vol.31, pp.294-299, 2001.

A. Khalimonenko, O. Kupreev, and K. Ilganaev, Kaspersky DDoS intelligence report for Q4 2017, 2018.

D. Holmes, The DDoS threat spectrum, 2012.

J. Jeong, H. Kim, and J. Park, Requirements for security services based on software-defined networking, IETF, 2014.

S. Jin and D. S. Yeung, A covariance analysis model for DDoS attack detection, IEEE International Conference on Communications (ICC), vol.4, pp.1882-1886, 2004.

S. Yu, W. Zhou, and R. Doss, Information theory based detection against network behavior mimicking DDoS attacks, IEEE Communications Letters, vol.12, issue.4, 2008.

V. Sekar, N. G. Duffield, O. Spatscheck, J. E. van der Merwe, and H. Zhang, LADS: large-scale automated DDoS detection system, USENIX Annual Technical Conference, pp.171-184, 2006.

A. Lakhina, M. Crovella, and C. Diot, Mining anomalies using traffic feature distributions, ACM SIGCOMM Computer Communication Review, vol.35, pp.217-228, 2005.

W. Press, S. Teukolsky, W. Vetterling, and B. Flannery, Numerical Recipes: The Art of Scientific Computing, 2nd ed., 1992.

B. Brykczynski and R. A. Small, Reducing internet-based intrusions: effective security patch management, IEEE software, vol.20, pp.50-57, 2003.

Microsoft, Microsoft security intelligence report, 2013.

Forum of Incident Response and Security Teams (FIRST), Common Vulnerability Scoring System v3.0: specification document, 2015.

I. Arce, The weakest link revisited, IEEE Security & Privacy, vol.99, issue.2, pp.72-76, 2003.

R. Motwani and P. Raghavan, Randomized algorithms, 2010.

S. Muller, C. Harpes, Y. Le Traon, S. Gombault, J. Bonnin et al., Dynamic risk analyses and dependency-aware root cause model for critical infrastructures, Critical Information Infrastructures Security: 11th International Conference, pp.163-175, 2016.
URL : https://hal.archives-ouvertes.fr/hal-01833589

O. Gadyatskaya, C. Harpes, S. Mauw, C. Muller, and S. Muller, Bridging two worlds: reconciling practical risk assessment methodologies with theory of attack trees, Graphical Models for Security: Third International Workshop, pp.80-93, 2016.

S. Muller, C. Harpes, and C. Muller, Fast and optimal countermeasure selection for attack defence trees, Risk Assessment and Risk-Driven Quality Assurance: 4th International Workshop, pp.53-65, 2016.

S. Muller, C. Harpes, Y. Le Traon, S. Gombault, and J. Bonnin, Efficiently computing the likelihoods of cyclically interdependent risk scenarios, Computers & Security, vol.64, 2017.
URL : https://hal.archives-ouvertes.fr/hal-01427488

S. Muller, J. Lancrenon, C. Harpes, Y. Le Traon, S. Gombault et al., A training-resistant anomaly detection system, Computers & Security, vol.76, 2018.
URL : https://hal.archives-ouvertes.fr/hal-01836374