A Quantitative Model for Evaluating the Efficiency of Proactive and Reactive Security Countermeasures

Yoon-Ho CHOI  Han-You JEONG  Seung-Woo SEO  

IEICE TRANSACTIONS on Information and Systems   Vol.E98-D   No.3   pp.637-648
Publication Date: 2015/03/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2014EDP7042
Type of Manuscript: PAPER
Category: Information Network
evaluation of security countermeasures,  proactive security countermeasures,  reactive security countermeasures,  complementary effects of security countermeasures,  mathematical analysis,  

Full Text: PDF(1.1MB)
>>Buy this Article

During the investment process for enhancing the level of IT security, organizations typically rely on two kinds of security countermeasures, i.e., proactive security countermeasures (PSCs) and reactive security countermeasures (RSCs). The PSCs are known to prevent security incidents before their occurrence, while the RSCs identify security incidents and recover the damaged hardware and software during or after their occurrence. Some researchers studied the effect of the integration of PSCs and RSCs, and showed that the integration can control unwanted incidents better than a single type of security countermeasure. However, the studies were made mostly in a qualitative manner, not in a quantitative manner. In this paper, we focus on deriving a quantitative model that analyzes the influence of different conditions on the efficiency of the integrated security countermeasures. Using the proposed model, we analyze for the first time how vulnerability and the potential exploits resulting from such vulnerability can affect the efficiency of the integrated security countermeasures; furthermore, we analytically verify that as the efficiency of PSCs increases, the burden of RSCs decreases, and vice versa. Also, we describe how to select possibly optimal configurations of the integrated security countermeasures.