AI- and Metrics-Based Vulnerability-Centric Cyber Security Assessment and Countermeasure Selection

  • Kotenko I
  • Doynikova E
  • Chechulin A
  • et al.

Abstract

This chapter considers methods and techniques for analytical processing of cyber security events and information. The approach suggested in the chapter is based on calculating a set of cyber security metrics suited for automatic- and human-based perception and analysis of the cyber situation and for automated countermeasure response in a near real-time mode. To fulfil security assessments and make countermeasure decisions, artificial intelligence (AI)-based methods and techniques, including Bayesian, ontological and any-time mechanisms, are implemented. Different kinds of data are used: data from SIEM systems, data accumulated during security monitoring, and data generated by the world community in external databases of attacks, vulnerabilities and incidents for typical and special-purpose computer systems. To calculate integral metrics, the analytical models of evaluation objects are applied. To specify security objects and interrelationships among them, an ontological repository is realised. It joins data from various security databases and specifies techniques of logical inference to get answers on security-related requests. The suggested approach is demonstrated using several case studies.

Cite

Kotenko, I., Doynikova, E., Chechulin, A., & Fedorchenko, A. (2018). AI- and Metrics-Based Vulnerability-Centric Cyber Security Assessment and Countermeasure Selection (pp. 101–130). https://doi.org/10.1007/978-3-319-92624-7_5
