Program, Best Papers, Keynotes > Invited Speaker
Igor Kotenko, Head of the Research Laboratory of Computer Security Problems of the St. Petersburg Institute for Informatics and Automation of the Russian Academy of Science
Title of the Keynote: Computation, visualization and analysis of security metrics for cyber situation awareness
Abstract: In this talk, techniques for computation, visualization and analysis of security metrics for cyber situation awareness will be considered. The techniques are based on attack graphs and service dependencies, apply a set of different assessment levels (topological, attack graph, attacker, events, countermeasures and system) and analyze several important aspects (basic, zero day attacks, cost-efficiency characteristics). Such approach allows understanding the current security situation, including defining the vulnerable characteristics and weaknesses of the system under protection, dangerous events, current and possible cyber attack parameters, attacker intentions, integral cyber situation metrics and necessary countermeasures. Key elements of suggested architectural solutions are using a comprehensive security repository, effective attack graph (tree) generation techniques, taking into account known and new attacks based on zero-day vulnerabilities, stochastic analytical modeling, and interactive decision support to choose preferred security solutions. To optimize the attack graph generation and security evaluation we apply an anytime approach to have the result at any time by applying a set of algorithms with different timelines and precision. In the talk, we also consider a visual analytics technique for displaying security metrics. Finally, we present the prototype of the cyber situation awareness component, the results of experiments carried out, and comparative analysis of the techniques used. This research is based on the results of the FP7 project MASSIF "Management of Security Information and Events in Service Infrastructures" and now is fulfilled in St. Petersburg Institute for Informatics and Automation of Russian Academy of Sciences (SPIIRAS) by support of the grant of Russian Science Foundation #15-11-30029.
Keywords: cyber situational awareness, security metrics, attack graphs, service dependencies, visual analytics, countermeasure generation
Bio: Igor Kotenko is a professor of computer science and Head of Research Laboratory of Computer Security Problems of the St. Petersburg Institute for Informatics and Automation of the Russian Academy of Science. He graduated with honors from St.Petersburg Academy of Space Engineering and St.Petersburg Signal Academy, obtained the Ph.D. degree and the National degree of Doctor of Engineering Science. He is the author of more than 250 refereed publications, including several study books and monographs. Igor Kotenko has a high experience in the research on computer network security and participated in several projects on developing new security technologies. For example, he was a project leader in the research projects from the US Air Force research department, via its EOARD (European Office of Aerospace Research and Development) branch, EU FP7 and FP6 Projects, HP, Intel, F-Secure, etc. The research results of Igor Kotenko were tested and implemented in multitude of Russian research and development projects. The research performed under these contracts was concerned with innovative methods for network intrusion detection, simulation of network attacks, vulnerability assessment, security protocols design, verification and validation of security policy, etc. Igor V. Kotenko is a laureate of the St. Petersburg Government award for outstanding scientific achievements in the field of science and technology, a laureate of the program “Outstanding Scientists. Doctors of Sciences of the Russian Academy of Sciences”, and a winner of many grants of the Russian Foundation of Basic Research, Russian Science Foundation and several State contracts. He has chaired several conferences and workshops, and serves as editor on several editorial boards.