Towards Optimal Sensor Placement for Cybersecurity: An Extensible Model for Defensive Cybersecurity Sensor Placement Evaluation.
Neal Wagner, Suresh K Damodaran, Michael Reavey
Abstract
Optimal sensor placement (OSP) is concerned with determining a configuration for a collection of sensors, including sensor type, number, and location, that yields the best evaluation according to a predefined measure of efficacy. Central to the OSP problem is the need for a method to evaluate candidate sensor configurations. Despite the wide use of cybersecurity sensors for the protection of network systems against cyber attacks, there is limited research focused on OSP for defensive cybersecurity, and limited research on evaluation methods for cybersecurity sensor configurations that consider both the sensor data source locations and the sensor analytics/rules used. This paper seeks to address these gaps by providing an extensible mathematical model for the evaluation of cybersecurity sensor configurations, including sensor data source locations and analytics, meant to defend against cyber attacks. We demonstrate model usage via a case study on a representative network system that is subject to multi-step attacks employing real cyber attack techniques recorded in the MITRE ATT&CK knowledge base and that is protected by a configuration of defensive cybersecurity sensors. The proposed model supports the potential adaptation of techniques and methods developed for OSP in problem domains other than cybersecurity.