# Efficient attack countermeasure selection accounting for recovery and action costs

**Authors:** Jukka Soikkeli, Luis Muñoz-González, Emil C. Lupu

arXiv: 1904.03082 · 2019-04-08

## TL;DR

This paper introduces a cost-aware attack countermeasure selection method that balances attack containment and recovery actions to minimize overall costs and losses in networked systems.

## Contribution

It presents a novel approach that models costs and losses for both attackers and defenders, optimizing countermeasure choices over time.

## Key findings

- The method effectively reduces expected losses compared to alternatives.
- Simulation results demonstrate cost-efficiency in network dependency scenarios.
- Allowing some attack continuation can be more cost-effective than containment.

## Abstract

The losses arising from a system being hit by cyber attacks can be staggeringly high, but defending against such attacks can also be costly. This work proposes an attack countermeasure selection approach based on cost impact analysis that takes into account the impacts of actions by both the attacker and the defender. We consider a networked system providing services whose provision depends on other components in the network. We model the costs and losses to service availability from compromises and defensive actions to the components, and show that while containment of the attack can be an effective defensive strategy, it can be more cost-efficient to allow parts of the attack to continue further whilst focusing on recovering services to a functional state. Based on this insight, we build a countermeasure selection method that chooses the most cost-effective action based on its impact on expected losses and costs over a given time horizon. Our method is evaluated using simulations in synthetic graphs representing network dependencies and vulnerabilities, and found to perform well in comparison to alternatives.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1904.03082/full.md

## Figures

12 figures with captions in the complete paper: https://tomesphere.com/paper/1904.03082/full.md

## References

23 references — full list in the complete paper: https://tomesphere.com/paper/1904.03082/full.md

---
Source: https://tomesphere.com/paper/1904.03082