Attribute evaluation on attack trees with incomplete information

Buldas, Ahto; Gadyatskaya, Olga; Lenin, Aleksandr; Mauw, Sjouke; Trujillo-Rasúa, Rolando

doi:10.1016/j.cose.2019.101630

Cited by 18 publications

(13 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In this paper, we directly apply the defense cost, and we do not specifically consider how the defense cost is obtained. One can refer to [42,43] for details on the defense cost calculation. In practice, the defense cost refers to the actual cost of the defender in a complete attack defense scenario.…”

Section: Discussionmentioning

confidence: 99%

A Minimum Defense Cost Calculation Method for Attack Defense Trees

Zhong

2020

Security and Communication Networks

View full text Add to dashboard Cite

The cyberphysical system (CPS) is becoming the infrastructure of society. Unfortunately, the CPS is vulnerable to cyberattacks, which may cause environmental pollution, property losses, and even casualties. Furthermore, in contrast to the conventional Internet, the devices in CPSs are more specific, and the device systems may not be upgraded or installed with new programs during their life spans. The selection of the best defense nodes for defeating cyberattacks is quite challenging in CPSs. To overcome this issue, several attack-defense modeled methods have been proposed. However, few existing studies have considered the defense cost, which is usually a determinant in practice. In this paper, we propose a method for choosing optimal defense nodes that (1) can defeat specific attacks and (2) are inexpensive. First, the atom attack defense tree (A2DTree) is proposed by adding constraints to the conventional attack defense tree (ADTree). Second, the algebraic method is used to efficiently calculate the minimum defense cost. On this basis, a minimum defense cost calculation tool is designed and implemented. Finally, the effectiveness of the proposed method is verified with two typical case studies, and a comparative experiment of related work is carried out. The results show that the method can correctly and efficiently identify the optimal defense nodes and calculate the minimum defense cost of a CPS.

show abstract

Section: Discussionmentioning

confidence: 99%

A Minimum Defense Cost Calculation Method for Attack Defense Trees

Zhong

2020

Security and Communication Networks

View full text Add to dashboard Cite

show abstract

“…In such cases, the bottom-up computation technique is infeasible. Buldas et al [5] have recently shown that intermediary data values can be used to complete the attack tree decoration process. Our current theory of attack-tree series with attributes, including temperature functions, is agnostic to the decoration process, as it only requires that all attack trees in the time-series are decorated.…”

Section: Discussionmentioning

confidence: 99%

“…We consider attack trees constructed from leaf nodes and two types of internal nodes (AND and OR). Following, e.g., [5], we will assume that all nodes of the attack tree are labeled.…”

Section: Attack-tree Seriesmentioning

confidence: 99%

Attack-Tree Series: A Case for Dynamic Attack Tree Analysis

Gadyatskaya

Mauw

2019

Graphical Models for Security

Self Cite

View full text Add to dashboard Cite

Attack trees are a popular model for security scenario analysis. Yet, they are currently treated in the literature as a static model and are not suitable for dynamic security monitoring. In this paper we introduce attack-tree series, a time-indexed set of attack trees, as a model to capture and visualize the evolution of security scenarios. This model supports changes in the attack tree structure as well as changes in the data values. We introduce the notion of a temperature function as a special type of attribute that expresses the importance of change in the data values. We also introduce a consistency predicate on attack trees to allow interrelating the evolving scenarios captured as attack trees. Finally, we discuss various application scenarios for attack-tree series and we demonstrate on a case study how the proposed ideas can be implemented to visualize historical trends.

show abstract

“…One important parameter in ATs used to analyse security risk is the likelihood of successful attacks (in literature, also referred to as security events). However, several probabilistic ATs [2,5,12,16,17,20] use precise values for likelihoods using the probabilistic approach. In many situations, it is difficult to elicit accurate probabilities due to lack of knowledge, or insufficient historical data, making the evaluation of risk in existing approaches unreliable.…”

Section: Introductionmentioning

confidence: 99%

“…(1) we develop a new model of ATs, called SAT, that takes second-order uncertainty into account. (2) we propose a methodology to derive opinions about security events based on the two criteria discussed in [1] using Subjective Logic. (3) we conduct an experimental evaluation that compares our approach with traditional ATs, demonstrating that the results differ and would lead to different decisions being made.…”

Section: Introductionmentioning

confidence: 99%

Modelling Security Risk Scenarios Using Subjective Attack Trees

Al-Hadhrami

Collinson

Oren

2021

Lecture Notes in Computer Science

View full text Add to dashboard Cite

We propose a novel attack tree model, called a subjective attack tree, aiming to address the limitations of traditional attack trees, which use precise values for likelihoods of security events. In many situations, it is often difficult to elicit accurate probabilities due to lack of knowledge, or insufficient historical data, making the evaluation of risk in existing approaches unreliable. In this paper, we consider the modelling of uncertainty about probabilities, via subjective opinions, resulting in a model taking second-order uncertainty into account. We propose an approach to derive subjective opinions about security events based on two main criteria, namely a vulnerability level and technical difficulty to conduct an attack, using subjective logic. These subjective opinions are then used as input parameters in the proposed model. The propagation method of subjective opinions is also discussed. Our approach is evaluated against traditional attack trees using the Stuxnet self-installation scenario. Our results show that taking uncertainty about probabilities into account during security risk analysis can lead to different outcomes, and therefore different security decisions.

show abstract

Attribute evaluation on attack trees with incomplete information

Cited by 18 publications

References 39 publications

A Minimum Defense Cost Calculation Method for Attack Defense Trees

A Minimum Defense Cost Calculation Method for Attack Defense Trees

Attack-Tree Series: A Case for Dynamic Attack Tree Analysis

Modelling Security Risk Scenarios Using Subjective Attack Trees

Contact Info

Product

Resources

About