• DocumentCode
    3374792
  • Title

    A distributed attack detection and mitigation framework

  • Author

    Disso, Jules Ferdinand Pagna ; Jones, Kevin ; Williams, Patrick ; Steer, Alan

  • Author_Institution
    Innovation Works, EADS, Bristol, UK
  • fYear
    2011
  • fDate
    12-13 Dec. 2011
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    Despite the efforts of security communities, the gap between the available protection against cyber-attacks and the number of successful attacks remains significant. The need for new countermeasures is clear and urgent, as cyber-attacks are more than ever capable of causing loss of human life, destroying the environment, and causing a high level of disruption to critical infrastructures. The impact of cyber-attacks is sometimes comparable to the impact of traditional military actions. However, the lack of understanding of the scope of attacks and how they operate could lead to unsuccessful protection mechanisms. We have analysed attacks targeting IT and business networks and critical infrastructure; as a result, we present four levels of visibility of attacks that need to be considered when designing or implementing security mechanisms. In our discussion of these four levels of visibility of attacks, we particularly focus on one level where malicious users' actions are direct threats to the targeted system yet not visible to the targeted systems. We conclude by presenting our detection and mitigation framework concept.
  • Keywords
    security of data; cyber-attacks; detection framework; distributed attack detection; mitigation framework; protection mechanism; security mechanism; Computers; Google; IP networks; Malware; Search engines; Servers; Attack Analysis; Attack Framework; Attack Mitigation; Attack Visibility; Critical Infrastructure Protection; Drive By Download; Firewall; Google Hacking; IDS
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Internet Multimedia Systems Architecture and Application (IMSAA), 2011 IEEE 5th International Conference on
  • Conference_Location
    Bangalore, Karnataka
  • Print_ISBN
    978-1-4577-1329-3
  • Type

    conf

  • DOI
    10.1109/IMSAA.2011.6156366
  • Filename
    6156366