Aleksandr Lenin scite author profile

Aleksandr Lenin

3Publications

44Citation Statements Received

100Citation Statements Given

How they've been cited

How they cite others

100

Affiliations

Cybernetica (Estonia), Tallinn University of Technology, Cybernetica (Norway)

Publications

Order By: Most citations

Attacker Profiling in Quantitative Security Assessment Based on Attack Trees

Lenin

Willemson

Sari

2014

View full text Add to dashboard Cite

Abstract. Providing meaningful estimations for the quantitative annotations on the steps of complex multi-step attacks is hard, as they are jointly influenced by the infrastructure and attacker properties. The paper introduces attacker profiling as a concept of separation of the infrastructure properties from the properties of malicious agents undertaking strategic decisions in the considered environment. We show that attacker profiling may be integrated into existing quantitative security assessment tools without any significant performance penalty. As an example of such integration we introduce the new analysis tool named ApproxTree+ which is an extension of the existing ApproxTree tool, enhancing it by incorporating attacker profiling capabilities into it.

show abstract

New Efficient Utility Upper Bounds for the Fully Adaptive Model of Attack Trees

Buldas

Lenin

2013

View full text Add to dashboard Cite

We present a new fully adaptive computational model for attack trees that allows attackers to repeat atomic attacks if they fail and to play on if they are caught and have to pay penalties. The new model allows safer conclusions about the security of real-life systems and is somewhat (computationally) easier to analyze. We show that in the new model optimal strategies always exist and finding the optimal strategy is (just) an np-complete problem. We also present methods to compute adversarial utility estimation and utility upper bound approximated estimation using a bottom-up approach.Part of the research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement ICT-318003 (TREsPASS). This publication reflects only the authors' views and the Union is not liable for any use that may be made of the information contained herein.

show abstract

Attribute evaluation on attack trees with incomplete information

Buldas

Gadyatskaya

Lenin

et al. 2020

Computers & Security

View full text Add to dashboard Cite

Attack trees are considered a useful tool for security modelling because they support qualitative as well as quantitative analysis. The quantitative approach is based on values associated to each node in the tree, expressing, for instance, the minimal cost or probability of an attack. Current quantitative methods for attack trees allow the analyst to, based on an initial assignment of values to the leaf nodes, derive the values of the higher nodes in the tree. In practice, however, it shows to be very difficult to obtain reliable values for all leaf nodes. The main reasons are that data is only available for some of the nodes, that data is available for intermediate nodes rather than for the leaf nodes, or even that the available data is inconsistent. We address these problems by developing a generalisation of the standard bottom-up calculation method in three ways. First, we allow initial attributions of non-leaf nodes. Second, we admit additional relations between attack steps beyond those provided by the underlying attack tree semantics. Third, we support the calculation of an approximative solution in case of inconsistencies. We illustrate our method, which is based on constraint programming, by a comprehensive case study.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Aleksandr Lenin

Attacker Profiling in Quantitative Security Assessment Based on Attack Trees

New Efficient Utility Upper Bounds for the Fully Adaptive Model of Attack Trees

Attribute evaluation on attack trees with incomplete information

Contact Info

Product

Resources

About