Overview of the risk monitoring framework and its components
A very simple heat map based on 3-value impact and 3-value likelihood scales. The risk importance is defined as impact × likelihood. Risks are accepted when their importance is 5 or less (depicted by a green cell); they are to be mitigated otherwise (red cell)
Example of functionally dependent assets
Example of implicitly contained risk scenarios
Example of interdependencies resulting from security incidents and their cascade effects
Situation where security events are cyclically dependent
Graphical example of a dependency graph with probability values
Split-up of a risk scenario into multiple events, with the impact attached to the most appropriate one
The risk management process according to ISO 27005
Dependencies as an extension to the risk management process
Simple example of cyclically dependent events encoded in a graph
Execution time of Algorithm 1 in seconds, depending on the graph size n, with precision ε = 0.1, correctness parameter δ = 0.01 and an average of 5 neighbours per node
Execution time of Algorithm 1 in seconds, depending on the precision ε of the results, with n = 500, δ = 0.01 and an average of 5 neighbours per node
Execution time of Algorithm 1 in seconds, depending on the correctness parameter δ of the algorithm output, with n = 500, ε = 0.1 and an average of 5 neighbours per node
Execution time of Algorithm 1 in seconds, depending on the graph size n and m, with ε = 0.1 and δ = 0.01
Example of an overfull dependency graph
Class diagram representing the taxonomy of assets involved in a risk analysis
Anonymised network diagram of the central system architecture showing devices and their affinity to the respective networks. DSO denotes a Distribution System Operator; DMZ stands for demilitarised zone; field devices include data concentrators and smart meters
Anonymised hierarchy of certificates used in the smart grid
Excerpt of the matching between applications (solid boxes) and services (dashed boxes). SIEM denotes the Security Information and Event Management appliance
Endless loop in dependencies for general boolean formulae
A sample attack-defence tree. The dashed nodes correspond to defences that apply to the attack step above them
Risk monitoring making use of the dependency model to automatically update the risk estimates in real time
Example evolution of a dynamically reported risk factor
A notification overridden by another one, due to the enforcement parameter being set (f = true)
A notification not overridden by another one, due to its smaller value and the enforcement parameter not being set (f = false)
An intermediary risk monitoring platform for storing risk indicator values, separating agents from the risk analysis
Interaction of risk monitoring components
TRICK Service with the use of formulae
Comparison of linear and logarithmic time lines
Evolution of (quantitative) risk visualised in a logarithmic time line in TRICK Service
Note the abrupt 'jumps' in the measured data rate. This example is based on the data sets recorded by Garcia et al.
Illustration of the training attack over time, for the case of the data rate. An attacker proceeds by progressively injecting more and more packets until he eventually reaches the desired critical threshold
Instead of only increasing the traffic load, an attacker creates enough 'normal' data in between, which outweighs (and thus hides) the malicious traffic
Illustration of typical data rates for HTTP traffic (thin black line). Note how the µ + 3·σ threshold value (thick red line) is not a good descriptor of 'normal' traffic and thus a bad candidate for detecting outliers in the traffic
Example of a two-dimensional state space divided into a grid
Work-flow of the intrusion detection system
The several steps of the training attack and how they appear at different time scales
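The execution-time figures above parametrise Algorithm 1 by a precision and a correctness parameter, and several earlier figures show events that depend on each other cyclically (the "endless loop" a naive recursive evaluation would run into). The block below is an added example of mine, not the thesis's Algorithm 1: the simplest randomised scheme with that kind of (ε, δ) guarantee, Monte Carlo sampling over a dependency graph that contains a cycle, with the Hoeffding bound supplying the number of samples. The dependency semantics (intrinsic probability per event, triggering probability per edge, an event occurs if it fires on its own or is triggered by any occurring predecessor), the Hoeffding-based sample count and the toy graph are all my assumptions; the thesis's own model and bound may differ.

```python
"""Monte Carlo estimation of event likelihoods in a cyclic dependency graph.

Added example; not the thesis's Algorithm 1. Assumed semantics (a deliberately
simple model, not necessarily the thesis's own): every event e has an intrinsic
probability intrinsic[e] of occurring on its own, and a directed edge (a, b, q)
means that an occurrence of a triggers b with probability q. An event occurs if
it occurs on its own or is triggered by any occurring predecessor. Cycles are
harmless here: each sample draws all coin flips first and then computes
reachability, so nothing is evaluated recursively.
"""
import math
import random
from collections import defaultdict


def sample_size(eps, delta):
    """Hoeffding bound: with this many samples, each estimated likelihood is
    within eps of the true value with probability at least 1 - delta."""
    return math.ceil(math.log(2.0 / delta) / (2.0 * eps ** 2))


def one_sample(intrinsic, edges, rng):
    """Draw one world: which events fire on their own and which edges are live,
    then propagate along live edges until nothing new occurs."""
    occurred = {e for e, p in intrinsic.items() if rng.random() < p}
    live = defaultdict(list)
    for a, b, q in edges:
        if rng.random() < q:
            live[a].append(b)
    todo = list(occurred)
    while todo:                       # terminates: every event is added at most once
        a = todo.pop()
        for b in live[a]:
            if b not in occurred:
                occurred.add(b)
                todo.append(b)
    return occurred


def estimate_likelihoods(intrinsic, edges, eps=0.02, delta=0.01, seed=0):
    """Return ({event: estimated likelihood}, number_of_samples)."""
    for a, b, _ in edges:
        if a not in intrinsic or b not in intrinsic:
            raise ValueError("every event on an edge needs an intrinsic probability")
    rng = random.Random(seed)
    n = sample_size(eps, delta)
    counts = dict.fromkeys(intrinsic, 0)
    for _ in range(n):
        for e in one_sample(intrinsic, edges, rng):
            counts[e] += 1
    return {e: c / n for e, c in counts.items()}, n


def exact_two_cycle(pa, pb, qab, qba):
    """Closed form for the two-event cycle A <-> B, used to check the estimator.
    A occurs iff A fires on its own, or B fires on its own and edge B->A is live
    (a B that was only triggered by A cannot in turn cause A: A already occurred)."""
    p_a = 1.0 - (1.0 - pa) * (1.0 - pb * qba)
    p_b = 1.0 - (1.0 - pb) * (1.0 - pa * qab)
    return p_a, p_b


# Constructed toy graph with the cycle A -> B -> C -> A (not taken from the thesis).
P_INTRINSIC = {"A": 0.2, "B": 0.3, "C": 0.1}
EDGES = [("A", "B", 0.5), ("B", "C", 0.6), ("C", "A", 0.4)]

if __name__ == "__main__":
    est, n = estimate_likelihoods(P_INTRINSIC, EDGES)
    print(f"{n} samples (eps=0.02, delta=0.01)")
    for e in sorted(est):
        print(f"  P({e}) ~ {est[e]:.3f}")
```

The sample count depends only on ε and δ, not on the graph, which is why the execution-time figures above can vary n, ε and δ independently; the per-sample cost is linear in the number of nodes and edges. The two-event closed form is there only to check that sampling handles a cycle correctly.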
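The training-attack figures above describe an attacker who raises the data rate step by step until the detector's notion of 'normal' has drifted up to the attacker's target, and note that a µ + 3·σ threshold is a poor descriptor of normal traffic. The following is an added example of mine, not the thesis's detector nor its training-resistant design: a minimal adaptive µ + 3·σ detector that retrains on every accepted sample, attacked once abruptly and once gradually. The detector design, the window size, the threat model (the attacker sees the same traffic and knows the rule, so it can mirror the detector's state) and the traffic values are all assumptions.

```python
"""Training attack against a mean-plus-three-sigma anomaly detector.

Added example; not the thesis's detector or its training-resistant design.
The detector flags a data-rate sample as anomalous when it exceeds
mu + 3*sigma of the last WINDOW accepted samples and, as many adaptive
detectors do, feeds every accepted sample back into that baseline. That
feedback is what a training attack exploits. Assumed threat model: the
attacker sees the same traffic as the detector and knows the detection rule,
so it can mirror the detector's state and always inject just below the
current threshold. All traffic values are constructed, not measured.
"""
import random
import statistics

WINDOW = 50      # number of accepted samples kept as the 'normal' baseline
K_SIGMA = 3.0    # the mu + 3*sigma rule


class MeanSigmaDetector:
    def __init__(self, baseline, window=WINDOW, k=K_SIGMA):
        self.window = window
        self.k = k
        self.history = list(baseline)[-window:]

    def threshold(self):
        mu = statistics.mean(self.history)
        sigma = statistics.pstdev(self.history)
        return mu + self.k * sigma

    def observe(self, x):
        """Return True if x is flagged; accepted samples retrain the baseline."""
        anomalous = x > self.threshold()
        if not anomalous:
            self.history.append(x)
            del self.history[:-self.window]
        return anomalous


def make_baseline(n=WINDOW, mean=100.0, sd=5.0, seed=1):
    """Constructed 'normal' data-rate samples (think packets per second)."""
    rng = random.Random(seed)
    return [rng.gauss(mean, sd) for _ in range(n)]


def abrupt_attack(target=1000.0, baseline=None):
    """Jump straight to the target rate: flagged on the first sample."""
    det = MeanSigmaDetector(baseline or make_baseline())
    return det.observe(target)


def training_attack(target=1000.0, max_steps=2000, baseline=None):
    """Ratchet the rate up one accepted sample at a time, each just below the
    detector's current threshold, until the target rate itself is accepted."""
    base = baseline or make_baseline()
    det = MeanSigmaDetector(base)
    mirror = MeanSigmaDetector(base)   # attacker's replica of the detector
    thresholds = []
    for step in range(1, max_steps + 1):
        thr = mirror.threshold()
        x = min(target, thr - 1e-6)    # stay strictly below the threshold
        thresholds.append(thr)
        if det.observe(x):
            return {"alerted": True, "reached": False, "steps": step, "thresholds": thresholds}
        mirror.observe(x)              # mirror stays identical to the detector
        if x >= target:
            return {"alerted": False, "reached": True, "steps": step, "thresholds": thresholds}
    return {"alerted": False, "reached": False, "steps": max_steps, "thresholds": thresholds}


if __name__ == "__main__":
    print("abrupt jump flagged:", abrupt_attack())
    r = training_attack()
    print(f"gradual attack: alerted={r['alerted']}, target accepted after {r['steps']} steps")
    print("threshold drift:", [round(t) for t in r["thresholds"][::10]])
```

Each injected sample sits at the edge of the accepted band, so it is never flagged, yet it pulls both µ and σ upward; the threshold therefore ratchets up a little faster at every step and the attacker reaches a rate ten times the baseline without a single alert. The same sequence presented at once is caught immediately, which is exactly the contrast the figures above draw between the abrupt and the progressive injection.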
Guide to industrial control systems (ICS) security, NIST Special Publication 800-82, 2011.
Cyber incidents involving control systems, Idaho National Laboratory (INL), 2005.
Empirical estimates and observations of 0day vulnerabilities, 42nd Hawaii International Conference on System Sciences (HICSS'09), pp. 1-12, 2009.
Qualitative vs. quantitative risk assessment, 2012.
Some limitations of qualitative risk rating systems, Risk Analysis, vol. 25, no. 3, pp. 651-662, 2005.
Risk matrix: an approach for identifying, assessing, and ranking program risks, Air Force Journal of Logistics, vol. 22, no. 1, pp. 18-21, 1998.
Establishing a program risk baseline, an annotated briefing, The MITRE Corporation, pp. 1-10, 1998.
Risk matrix method and its application in the field of technical project risk management, Engineering Science, vol. 5, no. 1, pp. 89-94, 2003.
Some extensions on risk matrix approach, Safety Science, vol. 48, no. 10, pp. 1269-1278, 2010.
What's wrong with risk matrices?, Risk Analysis, vol. 28, pp. 497-512, 2008.
International Organization for Standardization, ISO/IEC 27005: information security risk management, 2008.
Privacy impact assessment (PIA) 1: methodology, 2018.
Privacy impact assessment (PIA) 2: template, 2018.
Privacy impact assessment (PIA) 3: knowledge bases, 2018.
Model-driven risk analysis: the CORAS approach, 2010.
A qualitative risk analysis and management tool: CRAMM, SANS InfoSec Reading Room White Paper, 2002.
Agence nationale de la sécurité des systèmes d'information (ANSSI), EBIOS: expression des besoins et identification des objectifs de sécurité (expression of needs and identification of security objectives), 2010.
Bundesamt für Sicherheit in der Informationstechnik (BSI), BSI-Standard 200-3: Risikomanagement (risk management), 2017.
MAGERIT version 3: methodology for information systems risk analysis and management, book I: the method, 2014.
MEHARI: principes fondamentaux et spécifications fonctionnelles (fundamental principles and functional specifications), 2010.
Managing information security risks: the OCTAVE approach, 2002.
The Risk IT framework, ISACA, 2009.
An overview of risk assessment methods, 2014.
Current established risk assessment methodologies and tools, 2013.
International Organization for Standardization, ISO/IEC 27019: information technology, security techniques, information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry, 2013.
European Union Agency for Network and Information Security, 2017.
The Fukushima disaster and Japan's nuclear plant vulnerability in comparative perspective, Environmental Science & Technology, vol. 47, no. 12, pp. 6082-6088, 2013.
International Organization for Standardization, ISO 31000: risk management, 2018.
Empirical findings on critical infrastructure dependencies in Europe, International Workshop on Critical Information Infrastructures Security, pp. 302-310, 2008.
Identifying, understanding, and analyzing critical infrastructure interdependencies, IEEE Control Systems, vol. 21, no. 6, pp. 11-25, 2001.
Controlling cascading failure: understanding the vulnerabilities of interconnected infrastructures, Journal of Urban Technology, vol. 9, no. 1, pp. 109-123, 2002.
Risk relationship and cascading effects in critical infrastructures: implications for the Hyogo framework, 2014.
The base-rate fallacy and the difficulty of intrusion detection, ACM Transactions on Information and System Security (TISSEC), vol. 3, no. 3, pp. 186-205, 2000.
Proactively detecting distributed denial of service attacks using source IP address monitoring, International Conference on Research in Networking, pp. 771-782, 2004.
Inferring Internet denial-of-service activity, ACM Transactions on Computer Systems (TOCS), vol. 24, no. 2, pp. 115-139, 2006.
Defending against flooding-based distributed denial-of-service attacks: a tutorial, IEEE Communications Magazine, vol. 40, no. 10, pp. 42-51, 2002.
Evaluating computer intrusion detection systems: a survey of common practices, ACM Computing Surveys (CSUR), vol. 48, no. 1, p. 12, 2015.
Anomaly detection: a survey, ACM Computing Surveys (CSUR), vol. 41, p. 15, 2009.
The utilization of artificial intelligence in a hybrid intrusion detection system, Proceedings of the 2002 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on Enablement through Technology, pp. 149-155, 2002.
Combining multiple techniques for intrusion detection, International Journal of Computer Science and Network Security, vol. 6, no. 2B, pp. 208-218, 2006.
Intrusion detection systems: a survey and taxonomy, 2000.
Towards a taxonomy of intrusion-detection systems, Computer Networks, vol. 31, no. 8, pp. 805-822, 1999.
Outside the closed world: on using machine learning for network intrusion detection, IEEE Symposium on Security and Privacy (SP), pp. 305-316, 2010.
Can machine learning be secure?, Proceedings of the 2006 ACM Symposium on Information, Computer and Communications Security, pp. 16-25, 2006.
Risk monitoring in industrial control systems, Advanced Data Collection and Risks (ADaCoR) Workshop, 2016.
Dynamic risk analysis, Security Assessment for Systems, Services, and Infrastructures (SASSI) Workshop, 2015.
Dynamic risk analyses and dependency-aware root cause model for critical infrastructures, Critical Information Infrastructures Security: 11th International Conference, pp. 163-175, 2016. URL: https://hal.archives-ouvertes.fr/hal-01833589
Bridging two worlds: reconciling practical risk assessment methodologies with theory of attack trees, Graphical Models for Security: Third International Workshop, pp. 80-93, 2016.
Fast and optimal countermeasure selection for attack defence trees, Risk Assessment and Risk-Driven Quality Assurance: 4th International Workshop, pp. 53-65, 2016.
Efficiently computing the likelihoods of cyclically interdependent risk scenarios, Computers & Security, vol. 64, 2017. URL: https://hal.archives-ouvertes.fr/hal-01427488
A training-resistant anomaly detection system, Computers & Security, vol. 76, 2018. URL: https://hal.archives-ouvertes.fr/hal-01836374
A hierarchical information system risk evaluation method based on asset dependence chain, International Journal of Security and Its Applications, vol. 8, no. 6, pp. 81-88, 2014.
Model-based security analysis in seven steps: a guided tour to the CORAS method, BT Technology Journal, vol. 25, no. 1, pp. 101-117, 2007.
Asset valuation method for dependent entities, Journal of Internet Services and Information Security, vol. 4, no. 3, pp. 72-81, 2014.
Asset analysis of risk assessment for IEC 61850-based power control systems, part I: methodology, IEEE Transactions on Power Delivery, vol. 26, no. 2, pp. 869-875, 2011.
The IS risk analysis based on a business model, Information & Management, vol. 41, no. 2, pp. 149-158, 2003.
Event tree analysis (ETA), Risk Analysis of Technological Systems, vol. 3, 1995.
Formal reasoning techniques for goal models, Journal on Data Semantics, vol. 1, no. 1, pp. 1-20, 2003.
Configurable satisfiability propagation for goal models, Advances in Information Systems Development: New Methods and Practice for the Networked Society, vol. 2, p. 167, 2007.
Attack trees, Dr. Dobb's Journal, vol. 24, no. 12, pp. 21-29, 1999.
Foundations of attack trees, International Conference on Information Security and Cryptology (ICISC), LNCS vol. 3935, pp. 186-198, 2005.
Risk-based security engineering through the eyes of the adversary, Proceedings of the Sixth Annual IEEE SMC Information Assurance Workshop (IAW'05), pp. 158-165, 2005.
Attack-defense trees, 2013.
Attack-defense trees, Journal of Logic and Computation, vol. 24, no. 1, pp. 55-87, 2014. URL: https://hal.archives-ouvertes.fr/hal-01825088
Assessing ICT risk through a Monte Carlo method, Environment Systems and Decisions, vol. 33, no. 4, pp. 486-499, 2013.
Attack tree-based threat risk analysis, Amenaza Technologies Limited, pp. 3-9, 2010.
Quantitative risk-based security prediction for component-based systems with explicitly modeled attack profiles, Journal of Systems and Software, vol. 81, no. 8, pp. 1327-1345, 2008.
Using attack and protection trees to analyze threats and defenses to homeland security, Military Communications Conference (MILCOM), pp. 1-7, 2006.
Quantitative cyber risk reduction estimation methodology for a small SCADA control system, Proceedings of the 39th Annual Hawaii International Conference on System Sciences (HICSS'06), vol. 9, p. 226, 2006.
A method for risk modeling of interdependencies in critical infrastructures, Reliability Engineering & System Safety, vol. 96, no. 6, pp. 671-678, 2011.
A risk management methodology for project risk dependencies, IEEE Transactions on Software Engineering, vol. 37, no. 5, pp. 635-648, 2011.
Risk management using behavior based attack graphs, International Conference on Information Technology: Coding and Computing (ITCC 2004), vol. 1, pp. 445-449, 2004.
Ontology-based generation of Bayesian networks, International Conference on Complex, Intelligent and Software Intensive Systems (CISIS'09), pp. 712-717, 2009.
Modeling asset dependency for security risk analysis using threat-scenario dependency, International Journal of Computer Science and Information Security, vol. 10, no. 4, p. 103, 2012.
Dynamic security risk management using Bayesian attack graphs, IEEE Transactions on Dependable and Secure Computing, vol. 9, pp. 61-74, 2012.
A sound and practical approach to quantifying security risk in enterprise networks, pp. 1-15, 2009.
Assessing n-order dependencies between critical infrastructures, International Journal of Critical Infrastructures, vol. 6, no. 1-2, pp. 93-110, 2013.
An attack graph-based probabilistic security metric, Data and Applications Security XXII, pp. 283-296, 2008.
Real-time risk assessment with network sensors and intrusion detection systems, International Conference on Computational and Information Science, pp. 388-397, 2005.
Multisensor real-time risk assessment using continuous-time hidden Markov models, International Conference on Computational Intelligence and Security, vol. 2, pp. 1536-1540, 2006.
Using hidden Markov models to evaluate the real-time risks of network, Knowledge Acquisition and Modeling Workshop, pp. 490-493, 2008.
Towards dynamic risk management: success likelihood of ongoing attacks, Bell Labs Technical Journal, vol. 17, no. 3, pp. 61-78, 2012. URL: https://hal.archives-ouvertes.fr/hal-01162078
Graph based metrics for intrusion response measures in computer networks, 32nd IEEE Conference on Local Computer Networks (LCN 2007), pp. 1035-1042, 2007.
Measuring security risk of networks using attack graphs, International Journal of Next-Generation Computing, vol. 1, no. 1, pp. 135-147, 2010.
Using Bayesian networks for cyber security analysis, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), pp. 211-220, 2010.
SAT-solving approaches to context-aware enterprise network security management, IEEE Journal on Selected Areas in Communications, vol. 27, no. 3, 2009.
Rheostat: real-time risk management, Recent Advances in Intrusion Detection (RAID), pp. 296-314, 2004.
Dynamic risk management systems: hybrid architecture and offshore platform illustration, Risk Analysis, vol. 18, no. 4, pp. 485-496, 1998.
Advanced reaction using risk assessment in intrusion detection systems, International Workshop on Critical Information Infrastructures Security, pp. 58-70, 2007. URL: https://hal.archives-ouvertes.fr/hal-00540863
A multi-agent based framework for supply chain risk management, Journal of Purchasing and Supply Management, vol. 17, no. 1, pp. 23-31, 2011.
A GIS-based generic real-time risk assessment framework and decision tools for chemical spills in the river basin, Journal of Hazardous Materials, vol. 227, pp. 280-291, 2012.
A framework for dynamic safety and risk management modeling in complex engineering systems, 2007.
Computer security threat monitoring and surveillance, technical report, 1980.
An intrusion-detection model, IEEE Transactions on Software Engineering, no. 2, pp. 222-232, 1987.
A survey of intrusion detection techniques for cyber-physical systems, ACM Computing Surveys (CSUR), vol. 46, no. 4, p. 55, 2014.
SCADA-specific intrusion detection/prevention systems: a survey and taxonomy, Proceedings of the 1st Workshop on Secure Control Systems (SCS), vol. 11, 2010.
A survey of data mining and machine learning methods for cyber security intrusion detection, IEEE Communications Surveys & Tutorials, vol. 18, no. 2, pp. 1153-1176, 2016.
OMC-IDS: at the cross-roads of OLAP mining and intrusion detection, Pacific-Asia Conference on Knowledge Discovery and Data Mining, pp. 13-24, 2012. URL: https://hal.archives-ouvertes.fr/hal-01300473
Intrusion detection with unlabeled data using clustering, Proceedings of the ACM CSS Workshop on Data Mining Applied to Security (DMSA-2001), 2001.
Intrusion detection based on k-means clustering and naive Bayes classification, 7th International Conference on Information Technology in Asia (CITA 11), pp. 1-6, 2011.
A new data mining based hybrid network intrusion detection model, 2012 International Conference on Data Science & Engineering (ICDSE), pp. 52-57, 2012.
ADMIT: anomaly-based data mining for intrusions, Proceedings of the Eighth ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 386-395, 2002.
Designing unsupervised intrusion detection for SCADA systems, 2014.
A hybrid network intrusion detection framework based on random forests and weighted k-means, Ain Shams Engineering Journal, vol. 4, no. 4, pp. 753-762, 2013.
A clustering approach to industrial network intrusion detection, Proceedings of the 2016 Information Security Research and Education (INSuRE) Conference, 2016.
Autonomic intrusion detection: adaptively detecting anomalies over unlabeled audit data streams in computer networks, Knowledge-Based Systems, vol. 70, pp. 103-117, 2014. URL: https://hal.archives-ouvertes.fr/hal-01052810
A density-based algorithm for discovering clusters in large spatial databases with noise, KDD, vol. 96, pp. 226-231, 1996.
Machine learning applied to cyber operations, Network Science and Cybersecurity, pp. 155-175, 2014.
D-FICCA: a density-based fuzzy imperialist competitive clustering algorithm for intrusion detection in wireless sensor networks, Measurement, vol. 55, pp. 212-226, 2014.
A fast density-based clustering algorithm for real-time Internet of Things stream, The Scientific World Journal, vol. 2014, 2014.
Unsupervised anomaly detection in network intrusion detection using clusters, Proceedings of the Twenty-eighth Australasian Conference on Computer Science, vol. 38, pp. 333-342, 2005.
Intrusion signature creation via clustering anomalies, Data Mining, Intrusion Detection, Information Assurance, and Data Networks Security, International Society for Optics and Photonics (SPIE), vol. 6973, p. 69730, 2008.
Intrusion detection algorithm based on density, cluster centers, and nearest neighbors, China Communications, vol. 13, no. 7, pp. 24-31, 2016.
Quantitative risk assessment with ISAMM on ESA's operations data system, Proceedings of TTC, pp. 173-176, 2007.
Causality: Models, Reasoning, and Inference, 2000.
Extending attack graph-based security metrics and aggregating their application, IEEE Transactions on Dependable and Secure Computing, vol. 9, no. 1, pp. 75-85, 2012.
The computational complexity of probabilistic inference using Bayesian belief networks, Artificial Intelligence, vol. 42, no. 2, pp. 393-405, 1990.
A simple approach to Bayesian network computations, Proceedings of the Tenth Canadian Conference on Artificial Intelligence, 1994.
Recursive causal models, Journal of the Australian Mathematical Society (Series A), vol. 36, no. 1, pp. 30-52, 1984.
Artificial Intelligence: A Modern Approach, Englewood Cliffs, 1995.
AMI threats, intrusion detection requirements and deployment recommendations, IEEE International Conference on Smart Grid Communications (SmartGridComm), pp. 395-400, 2012.
Communication network interdependencies in smart grids, 2016.
Boolean functions and computation models, 2013.
Attack-defense trees, Journal of Logic and Computation, p. 29, 2012. URL: https://hal.archives-ouvertes.fr/hal-01825088
Foundations of attack-defense trees, International Workshop on Formal Aspects in Security and Trust, pp. 80-95, 2010.
Attack-defense trees and two-player binary zero-sum extensive form games are equivalent, International Conference on Decision and Game Theory for Security, pp. 245-256, 2010.
International Organization for Standardization, ISO/IEC 27002: information technology, security techniques, code of practice for information security controls, 2013.
Introduction to linear and nonlinear programming, Reading, MA, 1973.
Scalable optimal countermeasure selection using implicit enumeration on attack countermeasure trees, IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2012), pp. 1-12, 2012.
A note on two problems in connexion with graphs, Numerische Mathematik, vol. 1, no. 1, pp. 269-271, 1959.
Fibonacci heaps and their uses in improved network optimization algorithms, Journal of the ACM (JACM), vol. 34, no. 3, pp. 596-615, 1987.
Algorithm 97: shortest path, Communications of the ACM, vol. 5, no. 6, p. 345, 1962.
KDD Cup, 1999.
Advanced persistent threat: understanding the danger and how to protect your organization, 2012.
An empirical comparison of botnet detection methods, Computers & Security, vol. 45, pp. 100-123, 2014.
On the practicality of detecting anomalies with encrypted traffic in AMI, IEEE International Conference on Smart Grid Communications (SmartGridComm), pp. 890-895, 2014.
Mimicry attacks on host-based intrusion detection systems, Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 255-264, 2002.
M57 patents, 2009.
Data stream clustering: a survey, ACM Computing Surveys (CSUR), vol. 46, no. 1, p. 13, 2013.
Density-based clustering for real-time stream data, Proceedings of the 13th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 133-142, 2007.
E-Stream: evolution-based technique for stream clustering, Advanced Data Mining and Applications, pp. 605-615, 2007.
Nitroba University harassment scenario, 2008.
4SICS Geek Lounge SCADA network capture, 2015.
Preventing of SYN flood attack with iptables firewall, Second International Conference on Communication Software and Networks (ICCSN'10), pp. 532-535, 2010.
Barbarians in the gate: an experimental validation of NIC-based distributed firewall performance and flood tolerance, International Conference on Dependable Systems and Networks (DSN 2006), pp. 209-216, 2006.
Fast portscan detection using sequential hypothesis testing, Proceedings of the 2004 IEEE Symposium on Security and Privacy, pp. 211-225, 2004.
Connectionless port scan detection on the backbone, 25th IEEE International Performance, Computing, and Communications Conference (IPCCC 2006), p. 10, 2006.
Detection and characterization of port scan attacks, 2003.
Inter-domain stealthy port scan detection through complex event processing, Proceedings of the 13th European Workshop on Dependable Computing, pp. 67-72, 2011.
Training a neural-network based intrusion detector to recognize novel attacks, IEEE Transactions on Systems, Man, and Cybernetics, Part A: Systems and Humans, vol. 31, pp. 294-299, 2001.
Kaspersky DDoS intelligence report for Q4 2017, 2018.
The DDoS threat spectrum, 2012.
Requirements for security services based on software-defined networking, IETF, 2014.
A covariance analysis model for DDoS attack detection, IEEE International Conference, vol. 4, pp. 1882-1886, 2004.
Information theory based detection against network behavior mimicking DDoS attacks, IEEE Communications Letters, vol. 12, no. 4, 2008.
LADS: large-scale automated DDoS detection system, USENIX Annual Technical Conference, pp. 171-184, 2006.
Mining anomalies using traffic feature distributions, ACM SIGCOMM Computer Communication Review, vol. 35, pp. 217-228, 2005.
Numerical Recipes in Fortran 77: The Art of Scientific Computing, 1992.
Reducing Internet-based intrusions: effective security patch management, IEEE Software, vol. 20, pp. 50-57, 2003.
Microsoft security intelligence report, 2013.
Common Vulnerability Scoring System v3.0: specification document, 2015.
The weakest link revisited, IEEE Security & Privacy, vol. 99, no. 2, pp. 72-76, 2003.
Randomized algorithms, 2010.