
Detection and Hardening Strategies to Secure an Enterprise Network

Conference paper, Information Systems Security (ICISS 2023)

Abstract

In today's IT enterprises, choosing a security strategy has become increasingly complex as the network infrastructure itself has grown more complex. A security administrator has several classes of defense available, namely harden, detect, isolate, deceive, and evict. Each class serves a distinct purpose, so each needs its own deployment strategy in the context of an enterprise network. Existing defense strategy selection schemes do not provide explicit strategies for the different classes of defense. In this paper, we propose two separate strategies for determining where to deploy harden and detect defenses. These strategies are intended to provide a better return on security investment.
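As an added illustration of why the two classes need different placement strategies (this is not the paper's own method, which is not on this page): on a small attack graph, a hardening fix must sit on a step that can actually be removed, whereas a sensor can sit on any host a path passes through, so the best deployment points diverge as soon as the choke-point step has no fix. The graph below, its "patchable" flags, and the greedy scoring rules are all assumptions constructed for this example.

```python
"""Constructed example: hardening vs. detection deployment points on a toy
attack graph.  Greedy heuristics only; not the strategies from the paper."""

# Constructed attack graph: node -> [(next_node, (exploit_step, patchable))].
# patchable=False models a step hardening cannot remove (legitimate protocol
# abuse, a legacy service with no fix); detection can still observe it.
ATTACK_GRAPH = {
    "internet": [("web", ("CVE-style RCE on web", True)),
                 ("vpn", ("password spray on VPN", True))],
    "web": [("app", ("SSRF to app tier", True))],
    "vpn": [("app", ("lateral movement via RDP", False))],
    "app": [("db", ("SQLi via legacy ORM", False))],
    "db": [],
}


def attack_paths(graph, start, goal):
    """Enumerate simple attacker paths as lists of (src, dst, step) edges."""
    paths = []

    def dfs(node, visited, edges):
        if node == goal:
            paths.append(list(edges))
            return
        for nxt, step in graph[node]:
            if nxt not in visited:
                edges.append((node, nxt, step))
                dfs(nxt, visited | {nxt}, edges)
                edges.pop()

    dfs(start, {start}, [])
    return paths


def harden_points(paths):
    """Greedy set cover over patchable edges: repeatedly fix the step that
    blocks the most still-open paths.  Returns (fixes, paths left open);
    paths that only traverse unpatchable steps cannot be blocked this way."""
    remaining = list(paths)
    chosen = []
    while remaining:
        counts = {}
        for p in remaining:
            for src, dst, (name, patchable) in p:
                if patchable:
                    counts[(src, dst, name)] = counts.get((src, dst, name), 0) + 1
        if not counts:
            break  # nothing left to harden on the open paths
        best = max(counts, key=counts.get)
        chosen.append(best[2])
        remaining = [p for p in remaining
                     if not any((s, d, n) == best for s, d, (n, _) in p)]
    return chosen, len(remaining)


def detect_points(paths, budget):
    """Greedy maximum coverage: place up to `budget` sensors on the hosts that
    observe the most not-yet-covered paths, preferring earlier hops on ties.
    Sensors observe; they block nothing."""
    uncovered = list(paths)
    chosen = []
    for _ in range(budget):
        if not uncovered:
            break
        counts, depth = {}, {}
        for p in uncovered:
            for hop, (_, dst, _) in enumerate(p):
                counts[dst] = counts.get(dst, 0) + 1
                depth[dst] = min(depth.get(dst, hop), hop)
        best = max(counts, key=lambda n: (counts[n], -depth[n]))
        chosen.append(best)
        uncovered = [p for p in uncovered if all(d != best for _, d, _ in p)]
    return chosen, len(uncovered)


if __name__ == "__main__":
    paths = attack_paths(ATTACK_GRAPH, "internet", "db")
    print("attack paths:", [[d for _, d, _ in p] for p in paths])
    print("harden:", harden_points(paths))   # two upstream fixes needed
    print("detect:", detect_points(paths, 1))  # one sensor at the choke point
```

Run on the constructed graph, hardening needs two separate fixes upstream because the shared `app -> db` step is unpatchable, while a single sensor on `app` observes both paths. That is the practical content of the abstract's claim: the point that best blocks an attack and the point that best sees it are found by different criteria.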




Corresponding author: Preetam Mukherjee


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Mukherjee, P., Thampi, S.M., Rohith, N., Poddar, B.K., Sen, I. (2023). Detection and Hardening Strategies to Secure an Enterprise Network. In: Muthukkumarasamy, V., Sudarsan, S.D., Shyamasundar, R.K. (eds) Information Systems Security. ICISS 2023. Lecture Notes in Computer Science, vol 14424. Springer, Cham. https://doi.org/10.1007/978-3-031-49099-6_6


  • DOI: https://doi.org/10.1007/978-3-031-49099-6_6


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-49098-9

  • Online ISBN: 978-3-031-49099-6
