Dipartimento di Ingegneria informatica, automatica e gestionale

Self-protection is a desired property of many modern ICT systems as it enriches them in detecting and reacting to security threats at run-time. Several solutions leveraging vulnerability scanners and attack graphs have recently been proposed to monitor and analyze cyber risks and trigger security adaptations accordingly. They mainly focus on the system design without investigating the potential drawbacks of their components, such as accuracy and scalability. This paper investigates the accuracy of the environment monitoring, the scalability of the security analysis, and their intrinsic relationships. To balance their trade-off, we contribute a computational pipeline that includes vulnerability filtering and aggregation modules that can be used in isolation or combined to tune the monitoring and analysis of Attack Graph-based self-protecting systems. We propose different heuristics for filtering and aggregation, each impacting the accuracy-scalability trade-off at various levels, and we assess their interplay in a real-setting scenario.