Detection, Mitigation and Quantitative Security Risk Assessment of Invisible Attacks at Enterprise Network

摘要

Given the increasing dependence of our societies on network information systems and the efforts being provided by security communities to secure their networks, a strong sense of insecurity still prevails. Therefore, there is a need for new countermeasures against these cyber-attacks which causes disruption to business processes. The evaluation approaches to detect and assess the security risk level of cyber-attacks are harder to develop due to lack of information such as scope of attack and the way it originate. This paper assess the security risk level of those attacks which are targeting to IT, business networks and critical infrastructure, and where malicious user's actions are direct threats to the targeted system but yet not visible by the targeted system. This is achieved after classifying each Google dorks (commands) as an invisible attacks according to their characteristics. In addition, a method is devised to secure any organization's network against invisible attacks by creating a rule in Snort NIDPS signature database. Furthermore, OWASP risk rating methodology is incorporated to assess the overall severity risk level of invisible attacks on the network in terms of high, medium and low. Since, this method does not provide the quantitative security risk value of enterprise network, therefore, quantitative security risk assessment of enterprise network is determined using severity risk assessment table.