Continuous Risk Assessment for Large-Scale Cyber Systems
Cyberspace, with its multiple forms of device integration, is rapidly evolving and introducing loopholes within the cyber infrastructure, which creates opportunities for attackers. Despite the presence of network security devices such as firewalls, anti-virus, intrusion detection, and prevention systems, network intrusions still occur due to vulnerabilities within organizational assets or socially engineered cyber attacks. The lack of information about threats, vulnerabilities, and threat actors often leaves cyber defenders on a wild goose chase, making it critical to periodically evaluate network security in order to mitigate adversarial threats. Various risk assessment frameworks, third-party tools, and online databases containing comprehensive threat information have been proposed in the past. However, obtaining infrastructure-specific information from these resources is challenging and laborious for a cyber defender. This dissertation focuses on equipping cyber defenders with the necessary, relevant, and infrastructure-specific information to better evaluate their cyber-risk posture, and offers potential mitigation approaches to improve organizational security. We present Cyber-threats and Vulnerability Information Analyzer (CyVIA), a dynamic and scalable framework for conducting continuous risk assessments of any given cyber infrastructure. CyVIA leverages concrete ways of analyzing anomalies and is designed to: 1) model the organizational security posture to evaluate the security controls in place, 2) effectively combine vulnerability information from multi-formatted open-sourced vulnerability databases (VDBs) into a unified knowledge base that is used to derive specific information, 3) map adversarial and control policies, service dependencies, applications, and vulnerabilities from the network nodes, 4) classify network nodes based on severity, and 5) provide consequence, mitigation, and relationship information for the vulnerabilities found.
CyVIA has been empirically evaluated on a simulated network environment containing various flavors of Microsoft Windows and Linux operating systems, and the results were compared with other state-of-the-art tools. The evaluation demonstrates the effectiveness of CyVIA in providing relevant and infrastructure-specific information for evaluating and improving organizational security. CyVIA exhibits promising potential to assist cyber defenders in proactively identifying and mitigating vulnerabilities, thereby improving network security posture and reducing the risk of adversarial threats. This research's findings contribute to the cybersecurity field by addressing the challenges of obtaining infrastructure-specific information for effective risk assessment and mitigation.
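The workflow the abstract describes in design goals 2) and 4) is sketched below as an added example; this is not CyVIA's code and makes no claim about its internal schema. It normalizes vulnerability records from two differently formatted sources into one knowledge base, maps them onto network nodes by installed application and version, and rates each node by its worst finding. All records, node names, identifiers and the `Vuln` schema are constructed for the illustration.

```python
from dataclasses import dataclass

# Constructed sample records in two source formats: a nested NVD-style dict and
# a flat CSV line. The ids are placeholders, not real CVE numbers.
JSON_STYLE = [{"cve": {"id": "VULN-0001"}, "product": "exampleapp", "version": "1.2",
               "impact": {"baseMetricV3": {"cvssV3": {"baseScore": 9.8}}}}]
CSV_STYLE = ["VULN-0002,exampleapp,2.0,5.3", "VULN-0003,otherapp,3.1,7.5"]

@dataclass(frozen=True)
class Vuln:  # the unified schema every source is normalized into (hypothetical)
    vuln_id: str
    product: str
    version: str
    score: float

def from_json_style(rec):
    base = rec["impact"]["baseMetricV3"]["cvssV3"]["baseScore"]
    return Vuln(rec["cve"]["id"], rec["product"], rec["version"], float(base))

def from_csv_style(line):
    vid, product, version, score = line.split(",")
    return Vuln(vid, product, version, float(score))

def unify(json_recs, csv_lines):
    """Merge both formats into one knowledge base keyed by (product, version)."""
    kb = {}
    vulns = [from_json_style(r) for r in json_recs] + [from_csv_style(l) for l in csv_lines]
    for v in vulns:
        kb.setdefault((v.product.lower(), v.version), []).append(v)
    return kb

def severity(score):
    """Qualitative rating bands used by CVSS v3 (critical/high/medium/low/none)."""
    if score >= 9.0: return "critical"
    if score >= 7.0: return "high"
    if score >= 4.0: return "medium"
    return "low" if score > 0.0 else "none"

def classify_nodes(nodes, kb):
    """Attach knowledge-base entries to each node's installed apps; rate by worst finding."""
    report = {}
    for node, apps in nodes.items():
        found = [v for app, ver in apps for v in kb.get((app.lower(), ver), [])]
        worst = max((v.score for v in found), default=0.0)
        report[node] = {"severity": severity(worst), "vulns": sorted(v.vuln_id for v in found)}
    return report

# Constructed inventory: node -> installed (application, version) pairs.
NODES = {"web01": [("ExampleApp", "1.2")], "db01": [("OtherApp", "3.1"), ("ExampleApp", "2.0")],
         "ws07": [("ExampleApp", "9.9")]}
```

Calling `classify_nodes(NODES, unify(JSON_STYLE, CSV_STYLE))` yields a per-node severity and vulnerability list; a node whose software has no matching entry is rated "none" rather than silently dropped, so gaps in the inventory stay visible.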
Computer Science | Computer Engineering
Malik, Adeel Ashraf, "Continuous Risk Assessment for Large-Scale Cyber Systems" (2023). ETD Collection for University of Texas, El Paso. AAI30570380.