In this paper we focus on (i) an assessment of the impact on missions or business processes resulting from cyber attacks and (ii) the subsequent projection of further possible attacks and corresponding impact assessments. A reference model for impact assessment and situation projection (IASP) is provided, based on which we propose a constraint satisfaction (CS) algorithmic approach for performing IASP. The nodes of a constraint network contain variables with accompanying certainty factors characterizing aspects of missions, services, IT assets, network connections, known vulnerabilities, safeguards, cyber alerts, attack categories, and partial models of complex stepping-stone or island-hopping attacks. Given constraints among these variables, e.g., mission X depends on services Y and Z, the CS algorithm calculates IASP with a degree of certainty. We demonstrate the approach on a dataset containing audit trails, IDS alerts, and TCP traffic.