Selecting Countermeasures for ICT systems

A countermeasure is any change to a system to reduce the probability it is successfully attacked. We propose a model based approach that selects countermeasures through multiple simulations of the behaviors of an ICT system and of intelligent attackers that implement sequences of attacks. The simulations return information on the attacker sequences and the goals they reach we use to compute the statistics that drive the selection. Since attackers change their sequences as countermeasures are deployed, we have defined an iterative strategy where each iteration selects some countermeasures, updates the system models and runs the simulations to discover any new attacker sequence. The discovery of new sequences starts a new iteration. The Haruspex suite automates the proposed approach. Some of its tools acquire information on the target system and on the attackers and build the corresponding models. Another tool simulates the attacks through the models of the system and of the attackers. The tool to select countermeasures invokes the other ones to discover how countermeasures influence the attackers. We apply the whole suite to three systems and discuss how the connection topology influences the countermeasures to adopt.