On the Recommendation of Protections Services

On the Recommendation of Protections Services

Cyberattacks determine a rising threat for governments, companies, and end-users. Beyond compromising individuals’ security and privacy, malicious attackers can negatively impact the economic situation of businesses supported by digital systems. Within the landscape of cyberattacks, Distributed Denial-of-Service (DDoS) attacks remain one of the most dangerous threats to service providers worldwide. DDoS attacks are responsible for many occurrences impacting service downtime and performance degradation. One of the major causes for the increase in the number of DDoS attacks is the equally growing number of unsecured Internet-of-Things (IoT) devices, which, for example, ease the spreading of botnets being able to launch massive attacks on service providers. Although massive DDoS attacks are the major cause of concern, cyberattacks at the application layer are evolving (e.g., code injections and social engineering). They are equally dangerous to the targeted system. According to recent reports [1], during the COVID-19 pandemic an increase in cloud-based cyberattacks of roughly 630% was observed and confirmed data breaches in the healthcare industry increased by 58%. This shows that the complete picture of the detailed scenario is still unknown for the future, but attack predictions are giving evidences of a still more dangerous scenario for the companies from different sectors.

Currently, companies that have budget allocated to cybersecurity mitigation measures are investing in protection services (e.g., firewalls and anti-malware tools) and response teams to ensure availability and to protect crucial services and infrastructure. This is precisely one of the major concerns of the CONCORDIA h2020 project in which a task is precisely addressing the assessment the economic impacts of cyberattacks involving the associated costs of proactive and reactive measures. As the cybersecurity market expands into a billion Euro sector, with investments steadily rising, plenty of financial incentives are in place for Protection Service Providers to enter the market by offering protection services. At the same time, users (i.e., businesses) can reduce protection costs (e.g., related to the deployment, configuration, and operation of services) by leveraging a competitive cybersecurity market to meet their specific demands. Protections may include acquiring physical appliances, software licenses, virtual network functions, or cloud-based protection. Thus, although traditional models will still meet specific demands, a notable amount of next-generation protection services can adapt to flexible business models and provide a different level of protection on-demand.

On-demand protection services and marketplaces available offer services and alternatives regarding the deployment and management aspects of such cyber defense. However, it is not a trivial task for end-users or businesses – many times without expertise and budget available – to select one of them. In a complex scenario involving multiple attack vectors and available protection services, decision-making is even more critical, when infrastructure is under attack, and the decision to mitigate the attack should be provided on the basis of information about this infrastructure, including its economic aspects, demands, and the characteristics of the attack. In such a setting it is essential to observe not only how often attacks surpass the on-site infrastructure capacity (for instance, in case of a DDoS attack), but also which off-site services can provide the necessary protection, considering their different service flavors, such as the amount of traffic supported, the capacity to address particularities of a determined attack, or price conditions. Thus, recommender systems can be used as a valuable security management tool to support decisions during the planning and mitigation process.

In response to these challenges the University of Zurich UZH is exploring within Concordia, as leader of the task T4.3 on “Economic Perspectives”, the research and development of tools for supporting cybersecurity management, including the recommendation of services for the prevention and mitigation of cyberattacks. More precisely, a cybersecurity recommendation engine, termed MENTOR [2], has been developed and prototyped to apply similarity measure techniques for information correlations (e.g., budget constraints and the type of service required) from customers with various protection services available in the market. Also, the prototype ProtectDDoS [3] was developed by integrating MENTOR with a blockchain-based catalog to show the feasibility of such a recommendation process in a DDoS attack scenario.

Figure 1: Overall Recommendation Process proposed in [2]

Figure 1 outlines the overall process of recommendation, which involves the (a) processing of information related to the attack, (b) classification of the type of attack, (c) definition of business demands, and the (d) filter and recommendation of the most suitable protection according to these business demands. In terms of an evaluation, a dataset was generated for the assessment, containing 10,000 randomly generated protection services. Each service was described based on business profile parameters and with a price range between € 100 and € 1,000. Thus, by using such data as an input to the recommendation process the performance and accuracy of those measurement algorithms developed to recommend protection services were analyzed.

Both the MENTOR recommendation engine and ProtectDDoS were published and presented by Muriel Franco in the 15th International Conference on Network and Service Management (CNSM 2019) and 17th International Conference on the Economics of Grids, Clouds, Systems, and Service (GECON 2020), respectively. The work on ProtectDDoS received the “Best Presentation Award” (cf. Figure 2) during the GECON’s award ceremony. The basis of this work presented was developed as part of a Bachelor Thesis at the Communication Systems Group CSG of UZH conducted by Erion Sula and supervised by Muriel in late 2019.

Figure 2: GECON’s Award Certificate


  1. Rob Sobers: Cybersecurity Statistics and Trends for 2021; https://www.varonis.com/blog/cybersecurity-statistics/, Last visit February 2021.
  2. Muriel Franco, Bruno Rodrigues, Burkhard Stiller: MENTOR: The Design and Evaluation of a Protection Services Recommender System; 15th International Conference on Network and Service Management (CNSM 2019), Halifax, Canada, October 2019, pp 1–7.
  3. Muriel Franco, Erion Sula, Bruno Rodrigues, Eder Scheid, Burkhard Stiller: ProtectDDoS: A Platform for Trustworthy Offering and Recommendation of Protections; International Conference on Economics of Grids, Clouds, Software and Services (GECON 2020), Izola, Slovenia, September 2020, pp 1–12.

(By Muriel Franco and Bruno Rodrigues)