Success Likelihood of Ongoing Attacks: Relevant Factor for Supervision and Response in ICT Systems

09 December 2011

Nowadays, Information and Communication Technology (ICT) systems are continuously growing in size and complexity. Governmental organizations and corporations rely on these systems more than ever, while the borders between critical infrastructure and ICT systems are fading away. Examples may be found in every aspect of the modern world: land and mobile telecommunications, smart grids, SCADA (Supervisory Control And Data Acquisition) systems, banking and commerce, governmental services, etc. Such systems and services represent attractive targets for hackers and criminal organizations. Consequently, a proper and efficient response becomes essential to ensure the continuity and the security of the services provided by these critical systems. This issue has driven the research community to propose several intelligent response models. These response models aim at identifying and selecting, during operation, the most effective response measures to handle an ongoing attack. An effective and intelligent response selection procedure must consider a comprehensive set of criteria. For instance, it is practically worthless to counter an ongoing attack if the cost of the candidate response is greater than the potential impact of the attack itself. Such reasoning remains valid whatever the type of the monitored system (e.g. commercial, organizational, military, governmental, etc.). Consequently, most existing response systems adopt a cost-aware approach that balances the cost of the attack against the cost of the response, in order to provide an intelligent response selection procedure [30, 27, 13, 19].