A Pyramidal-Based Model To Compute The Impact Of Cyber Security Events

This paper presents a geometrical model that projects malicious and benign events (e.g., attacks, security countermeasures) as pyramidal instances in a multidimensional coordinate system. The approach considers internal event data related to the target system (e.g., users, physical, and logical resources, IP addresses, port numbers, etc.), and external event data related to the attacker (e.g., knowledge, motivation, skills, etc.) that can be obtained a priori and a posteriori. Internal data is used to model the base of the pyramid, whereas external data is used to model its height. In addition, the approach considers state transitions taken by the attacker to model the steps of a multi-stage attack to reach to its final goal. As a result, for each modeled state, new countermeasures are evaluated and the attacker's knowledge a posteriori changes accordingly, making it possible to evaluate the impact of the attack at time T-i, where i denotes the stage at which the attack is executed. A graphical representation of the impact of each evaluated event is depicted for visualization purposes. A use case of a cyber-physical system is proposed at the end of the paper to illustrate the applicability of the proposed geometrical model.