Dynamic reaction framework against cyber attacks
- Félix Gómez Mármol, Supervisor
Defending university: Universidad de Murcia
Defense date: 7 September 2021
- Joaquín García Alfaro, Committee chair
- Gregorio Martínez Pérez, Committee secretary
- Victor Abraham Villagrá González, Committee member
Type: Thesis
Abstract
Cyberattacks against modern network infrastructures are becoming more frequent and more disruptive every day, with malicious actors attempting to compromise the confidentiality, integrity, and availability of the data and services they host. In such a scenario, cybersecurity is essential to protect system assets and keep operations running correctly. In particular, the reaction strategy against detected threats is crucial to eradicate them from the system and return it to a safe state. The main objective of this PhD thesis is to study, analyze, and address the principal limitations of state-of-the-art reaction frameworks, leading to the implementation of a novel and robust countermeasure selection system.

To reach that goal, the first milestone was a thorough study and analysis of state-of-the-art reaction systems. The candidate examined 24 of the most relevant articles on reaction strategies published over a period of 5 years (2012 to 2016) and compared them against seven common criteria. From this side-by-side analysis, the open challenges of the field are listed together with possible future directions to address them.

Starting from those challenges, the second achievement of the thesis is the proposal of a standard representation of a countermeasure, specifying the required fields at fine granularity. The proposed representation captures characteristics specific to each countermeasure (e.g., effectiveness, impact, cost, and its possible parameters) while also leveraging already mature external security knowledge. Such a representation is a first step toward the standardization of countermeasures within reaction ecosystems, enabling reaction knowledge to be shared among security teams worldwide so that they can build robust security plans.
A further accomplishment of the dissertation is the design and implementation of a novel and scalable methodology to select the optimal set of atomic countermeasures to deploy when a cyber threat occurs. The proposal leverages Artificial Immune Systems (AIS), a bio-inspired technique that converges on near-optimal solutions in acceptable time through repeated cloning and mutation of the individuals in the solution space. Each of these results was published in a top-tier journal, giving the work wide dissemination within the research community. Together, the works proposed in this thesis represent a significant advance of the state of the art in reaction frameworks.

Nevertheless, some challenges remain open and will motivate further contributions. Concretely, there is a noticeable lack of a commonly used, shared countermeasure assessment system. Such a system would benefit every response framework, since its results could then be compared fairly with those of other approaches. Moreover, the proposed AIS reaction methodology has so far been evaluated by simulating both the environment (i.e., the targeted assets and the countermeasures) and the threats. It would therefore be valuable to apply the designed framework to a real use case with real network traffic, from threat detection to enforcement of the suggested response, with the security administrator able to supervise at any point. Such a full-fledged detection-to-reaction framework will likely require the joint effort of several institutions, and could form the basis of a research project proposal. Finally, another promising research direction is the study of offensive countermeasures to enrich the available reaction strategies.
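As an added illustration (not code from the thesis or its authors), the following Python sketch shows the two ideas from the abstract side by side: a countermeasure record carrying the fields the abstract lists (effectiveness, impact, cost, parameters) and a clonal-selection search, the classic AIS pattern of cloning the best candidates, hypermutating the clones, and injecting fresh random individuals, used to pick a subset of atomic countermeasures against a threat. The catalogue entries, the fitness formula (effects assumed independent, over-budget sets treated as infeasible) and the algorithm parameters are constructed assumptions for the example, not the thesis's own method or data; a brute-force optimum over the six-item catalogue is included only to check the search result.

```python
"""Toy clonal-selection (AIS) picker for a set of atomic countermeasures.

Added illustration, not the thesis's implementation. The catalogue, the
fitness function and all tuning parameters are assumptions made here.
"""
import itertools
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Countermeasure:
    """One atomic countermeasure with the kind of fields the abstract lists.

    effectiveness: fraction of the threat's risk this measure removes (0..1)
    impact:        collateral impact on legitimate service, same scale (0..1)
    cost:          deployment cost in abstract units
    parameters:    enforcement parameters (assumed key/value representation)
    """
    name: str
    effectiveness: float
    impact: float
    cost: float
    parameters: tuple = ()


# Constructed sample catalogue for the example; not data from the thesis.
CATALOGUE = (
    Countermeasure("block_src_ip",    0.60, 0.05, 1.0, (("iface", "eth0"),)),
    Countermeasure("rate_limit",      0.35, 0.10, 1.0, (("pps", "500"),)),
    Countermeasure("quarantine_host", 0.80, 0.45, 2.0),
    Countermeasure("patch_service",   0.70, 0.20, 3.0, (("restart", "yes"),)),
    Countermeasure("disable_service", 0.95, 0.90, 1.0),
    Countermeasure("enable_waf_rule", 0.50, 0.08, 1.5, (("rule", "sqli"),)),
)


def fitness(mask, catalogue=CATALOGUE, budget=4.0):
    """Affinity of a candidate set (a 0/1 mask over the catalogue).

    Assumption: effects are independent, so the residual risk of a set is the
    product of the individual residual risks. Affinity is risk removed minus
    summed collateral impact; sets over budget get a strongly negative value.
    """
    chosen = [cm for bit, cm in zip(mask, catalogue) if bit]
    cost = sum(cm.cost for cm in chosen)
    if cost > budget:
        return -1.0 - (cost - budget)
    residual = 1.0
    for cm in chosen:
        residual *= 1.0 - cm.effectiveness
    return (1.0 - residual) - sum(cm.impact for cm in chosen)


def clonal_selection(catalogue=CATALOGUE, budget=4.0, pop_size=30,
                     generations=100, n_select=10, clone_factor=4,
                     n_random=6, seed=1):
    """CLONALG-style search over subsets of the catalogue.

    Per generation: rank by affinity, clone the best n_select in proportion
    to rank, hypermutate clones with a rate that shrinks as affinity grows,
    keep the best pop_size - n_random individuals and top up with random
    masks for diversity. The best mask ever seen is retained (elitism).
    """
    rng = random.Random(seed)
    n = len(catalogue)

    def affinity(mask):
        return fitness(mask, catalogue, budget)

    def random_mask():
        return tuple(rng.randint(0, 1) for _ in range(n))

    def hypermutate(mask, rate):
        return tuple(bit ^ (1 if rng.random() < rate else 0) for bit in mask)

    population = [random_mask() for _ in range(pop_size)]
    best = max(population, key=affinity)
    for _ in range(generations):
        ranked = sorted(population, key=affinity, reverse=True)
        clones = []
        for rank, mask in enumerate(ranked[:n_select]):
            n_clones = max(1, round(clone_factor * n_select / (rank + 1)))
            rate = 0.5 * (rank + 1) / n_select  # better individuals mutate less
            clones.extend(hypermutate(mask, rate) for _ in range(n_clones))
        pool = sorted(ranked + clones, key=affinity, reverse=True)
        population = pool[:pop_size - n_random] + [random_mask() for _ in range(n_random)]
        if affinity(population[0]) > affinity(best):
            best = population[0]
    return [cm for bit, cm in zip(best, catalogue) if bit]


def brute_force(catalogue=CATALOGUE, budget=4.0):
    """Exhaustive optimum; only viable for tiny catalogues, used as a check."""
    best = max(itertools.product((0, 1), repeat=len(catalogue)),
               key=lambda m: fitness(m, catalogue, budget))
    return [cm for bit, cm in zip(best, catalogue) if bit]


if __name__ == "__main__":
    chosen = clonal_selection()
    print("AIS selection:", [cm.name for cm in chosen])
    print("exhaustive   :", [cm.name for cm in brute_force()])
```

With the constructed catalogue and a budget of 4.0, both the search and the exhaustive check settle on blocking the source IP plus enabling the WAF rule: cheaper and more effective combinations exist, but their collateral impact (for example disabling the service outright) drives the affinity below zero, which is exactly the trade-off the effectiveness/impact/cost fields are meant to expose.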