# Knowledge Base System for Risk Analysis of the Multi-step Computer Attacks

### Gulnara Yakhyaeva, Aleksey Ershov

#### Abstract

This work describes a module of the "RiskPanel" software system that performs risk analysis of multi-step computer attacks. The module is based on statistical analysis of actual computer attack precedents. At the user's request, the system calculates the objective probability of information security risks, taking into account all possible multi-step attacks (i.e. possible combinations of known attacks). The probability estimate is presented as an interval because a full description of real attacks is not always available. The task is stated using the model-theoretic formalism. The first step is to build a knowledge base of computer attacks. The structure of the knowledge base is described formally in Description Logic. Estimated (fuzzy) judgments are formalized in the language of Fuzzy Model Theory. The article contains algorithms for calculating probabilistic risk intervals and describes the program implementation of the developed methods.


#### Paper Citation

#### in Harvard Style

Yakhyaeva G. and Ershov A. (2016). **Knowledge Base System for Risk Analysis of the Multi-step Computer Attacks**. In *Proceedings of the 18th International Conference on Enterprise Information Systems - Volume 2: ICEIS,* ISBN 978-989-758-187-8, pages 143-150. DOI: 10.5220/0005772401430150

#### in Bibtex Style

```
@conference{iceis16,
author={Gulnara Yakhyaeva and Aleksey Ershov},
title={Knowledge Base System for Risk Analysis of the Multi-step Computer Attacks},
booktitle={Proceedings of the 18th International Conference on Enterprise Information Systems - Volume 2: ICEIS,},
year={2016},
pages={143-150},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005772401430150},
isbn={978-989-758-187-8},
}
```

#### in EndNote Style

```
TY - CONF
JO - Proceedings of the 18th International Conference on Enterprise Information Systems - Volume 2: ICEIS,
TI - Knowledge Base System for Risk Analysis of the Multi-step Computer Attacks
SN - 978-989-758-187-8
AU - Yakhyaeva G.
AU - Ershov A.
PY - 2016
SP - 143
EP - 150
DO - 10.5220/0005772401430150
```