Threat-Oriented Security Framework: A Proactive Approach in Threat Management

Present day sophisticated and innovative attacks have resulted in exponentially increasing security problems. This paper therefore presents a three phased threat-oriented security model to meet the above security challenges as a part of proactive threat management. Integration of threat management with development process in the proposed work provides necessary security cover against both known and unknown threats. Identification of these threats has been made possible by fusion of threat modeling process and research honeytokens in conjunction with statistical model in the first phase. Necessary security measures to mitigate above identified threats have been adopted in the second phase using multi-agent system planning. Risk reduction as a result of adoption of countermeasures has been evaluated in the third phase using meta-agents in multi-agent environment. This three-phased model is placed in the risk analysis segment of the spiral model to enhance and strengthen the security as a part of proactive risk management. This work gives a new and innovative approach to provide security against all types of threats and has an edge over traditional techniques which only cater to predictable threats in risk management.