A Model to Measure Effectiveness in Cyber Security Situational Awareness

Document Type : Computer and Network Security-Ghaemi


1 Department of Industrial and Systems Engineering, Tarbiat Modares University.

2 Department of Computer Engineering, Amirkabir University of Technology.


Nowadays, the number of cyberattacks and, consequently, the risk of them is increasing significantly. So, it is vital to be aware of the cybersecurity situation. This paper provides a model to measure the success or effectiveness of the organization's security missions, that is, to determine whether security events such as the occurrence of an attack or the selection of countermeasures have been effective on the success of organizational missions. Two components are considered as inputs for this purpose. The first one is the network dependency graph which demonstrates how different assets in the network are dependent on each other and with what intensity or weight they affect each other. Another component is the mission dependency graph which specifies the relation between organizational assets, tasks, functions, and mission objectives. It also specifies the impact of the assets on the organizational tasks, functions, and mission objectives.

Previous researches focused more on determining the impact of attacks on different assets. However, this paper aims to assess this impact by considering the organizational mission. This model is proposed in such a way that its components are separable. It helps different organizations with specific goals and different requirements to use this model so that they can personalize and customize its different components. This model can be employed for critical asset recognition. Moreover, it enables us to know which countermeasures are more effective in terms of the organizational mission.


Main Subjects

[1]    Endsley, M. R. (1995). Toward a theory of situation awareness in dynamic systems. Human factors, 37(1), 32-64.
[2]    Malowidzki, M., Hermanowski, D., & Berezinski, P. (2019). TAG: Topological Attack Graph Analysis Tool. 2019 3rd Cyber Security in Networking Conference (CSNet).
[3]    Aissa, A., Abdalla, I., Hussein, L., & Elhadad, A. (2020). A novel stochastic model for cybersecurity metric inspired by Markov chain model and attack graphs. International Journal of Scientific & Technology Research, 6330– 6335.
[4]    Frigault, M., & Wang, L. (2008). Measuring Network Security Using Bayesian Network-Based Attack Graphs. 2008 32nd Annual IEEE International Computer Software and Applications Conference, https://doi.org/10.1109/compsac.2008.88
[5]    Khosravi-Farmad, M., & Ghaemi-Bafghi, A. (2020). Bayesian Decision Network-Based Security Risk Management Framework. Journal of Network and Systems Management, 28(4), 1794–1819.
[6]    Chung, C. J., Khatkar, P., Xing, T., Lee, J., & Huang, D. (2013). NICE: Network intrusion detection and countermeasure selection in virtual network systems. IEEE transactions on dependable and secure computing, 10(4), 198-211.
[7]    Wang, L., Jajodia, S., Singhal, A., & Noel, S. (2010). k-Zero Day Safety: Measuring the Security Risk of Networks against Unknown Attacks. Computer Security – ESORICS 2010, 573–587. https://doi.org/10.1007/978-3-642-154973_35.
[8]    Albanese, M., & Jajodia, S. (2018). A graphical model to assess the impact of multi-step attacks. The Journal of Defense Modeling and Simulation, 15(1), 79-93.
[9]    Motzek, A., & Moller, R. (2017). Context-and bias-free probabilistic mission impact assessment. Computers & Security, 65, 166-186.
[10] Kheir, N., Cuppens-Boulahia, N., Cuppens, F., & Debar, H. (2010). A service dependency model for cost-sensitive intrusion response. In Computer Security–ESORICS 2010: 15th European Symposium on Research in Computer Security, Athens, Greece, September 20-22, 2010. Proceedings 15 (pp. 626-642). Springer Berlin Heidelberg.
[11] Tadda, G. P., & Salerno, J. S. (2009). Overview of Cyber Situation Awareness. Advances in Information Security, 15–35. https://doi.org/10.1007/978-1-44190140-8_2
[12] Zand, A., Houmansadr, A., Vigna, G., Kemmerer, R., & Kruegel, C. (2015, December. Know Your Achilles’ Heel: Automatic Detection of Network Critical Services, in Proceedings of the 31st Annual Computer Security Applications Conference (pp. 41-50).
[13] Yang, T., Shen, J., Su, Y., Ling, X., Yang, Y., & Lyu, M.R. (2021, November). AID: Efficient Prediction of Aggregated Intensity of Dependency in Largescale Cloud Systems. In 2021 36th IEEE/ACM International Conference on Automated Software Engineering (ASE) (pp. 653-665). IEEE.
[14] Yin, J., Zhao, X., Tang, Y., Zhi, C., Chen, Z., & Wu, Z. (2016). Cloudscout: A non-intrusive approach to service dependency discovery. IEEE Transactions on Parallel and Distributed Systems, 28(5), 1271-1284.
[15]. FarahaniNia, S., Dehghan, M., Sadeghiyan, B., and Niksefat, S. (2023), Impact Assessment for Cyber Security Situation Awareness, International Journal of Information and Communication Technology Research, 15(3), 21-30.
[16] Shirazi, A., Kazemi, M. (2020). A New Model for Information Security Risk Management. In: Baghdadi, Y., Harfouche, A., Musso, M. (eds) ICT for an Inclusive World. Lecture Notes in Information Systems and Organisation, 3 551-566.
[17] Rongrong, X., Xiaochun, Y., Zhiyu, H. (2019). A Framework for Risk Assessment in Cyber Situational Awareness. IET Information Security. 13(2), 149-156.
[18] Saaty, T. L. (1988). What is the analytic hierarchy process? Springer Berlin Heidelberg, 109-121.
[19] Saaty, T. L., Vargas, L. G., Saaty, T. L., & Vargas, L. G. (2013). The analytic network processes. Springer US.
[20] Doynikova, E., & Kotenko, I. (2016). Countermeasure selection based on the attack and service dependency graphs for security incident management. In Risks and Security of Internet and Systems: 10th International Conference, CRiSIS 2015, Mytilene, Lesbos Island, Greece, July 20-22, 2015, Revised Selected Papers 10 (pp. 107-124). Springer International Publishing.
[21] Hornik, K., Stinchcombe, M., & White, H. (1989). Multilayer feedforward networks are universal approximators. Neural networks, 2(5), 359-366.