Foundations of Attack–Defense Trees

Kordy, Barbara; Mauw, Sjouke; Radomirović, Saša; Schweitzer, Patrick

doi:10.1007/978-3-642-19751-2_6

Cited by 188 publications

(178 citation statements)

References 13 publications

Supporting

Mentioning

175

Contrasting

Order By: Relevance

“…To understand the attacker's progress and find the attack path to the attacker's target, there are two approaches to model network vulnerabilities: an attack graph [12], [13] and an attack tree [14], [15]. They provide an appropriate picture of different ways for compromising a target by exploiting a sequence of vulnerabilities.…”

Section: Attack-defense Treementioning

confidence: 99%

Dynamic Optimal Countermeasure Selection for Intrusion Response System

Shameli‐Sendi

Louafi

et al. 2018

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Abstract-Designing an efficient defense framework is challenging with respect to a network's complexity, widespread sophisticated attacks, attackers' ability, and the diversity of security appliances. The Intrusion Response System (IRS) is intended to respond automatically to incidents by attuning the attack damage and countermeasure costs. The existing approaches inherit some limitations, such as using static countermeasure effectiveness, static countermeasure deployment cost, or neglecting the countermeasures' negative impact on service quality (QoS). These limitations may lead the IRS to select inappropriate countermeasures and deployment locations, which in turn may reduce network performance and disconnect legitimate users. In this paper, we propose a dynamic defense framework that selects an optimal countermeasure against different attack damage costs. To measure the attack damage cost, we propose a novel defense-centric model based on a service dependency graph. To select the optimal countermeasure dynamically, we formulate the problem at hand using a multi-objective optimization concept that maximizes the security benefit, minimizes the negative impact on users and services, and minimizes the security deployment cost with respect to the attack damage cost.

show abstract

Section: Attack-defense Treementioning

confidence: 99%

Dynamic Optimal Countermeasure Selection for Intrusion Response System

Shameli‐Sendi

Louafi

et al. 2018

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…Attack and Protection trees, Defense Trees and AttackDefense trees were a few of the models built upon the regular attack tree and used to analyze attacks from both an attacker's and a defender's point of view [46,47,48]. Edge et al built a Protection tree to identify the possible protection areas by analyzing the attack tree and calculating the impact, probability and cost of the attacker's goal.…”

Section: A General Attack Analysis Approachesmentioning

confidence: 99%

An Evolutionary Approach of Attack Graph to Attack Tree Conversion

Haque¹,

Atkison²

2017

IJCNIS

View full text Add to dashboard Cite

Abstract-The advancement of modern day computing has led to an increase of threats and intrusions. As a result, advanced security measurements and threat analysis models are necessary to detect these threats and identify protective measures needed to secure a system. Attack graphs and attack trees are the most popular form of attack modeling today. While both of these approaches represent the possible attack steps followed by an attacker, attack trees are architecturally more rigorous than attack graphs and provide more insights regarding attack scenarios. The goal of this research is to identify the possible direction to construct attack trees from attack graphs analyzing a large volume of data, alerts or logs generated through different intrusion detection systems or network configurations. This literature summarizes the different approaches through an extensive survey of the relevant papers and identifies the current challenges, requirements and limitations of an efficient attack modeling approach with attack graphs and attack trees. A discussion of the current state of the art is presented in the later part of the paper, followed by the future direction of research.

show abstract

“…Similarly, the probability of the most probable attack with respect to t is P max (t) (6) = max x∈{0,1} var t ψ t (x) (12) = max…”

Section: Indicators For Probability Computationmentioning

confidence: 99%

“…Attack-defense trees [12] extend the well-known model of attack trees [26], by considering not only actions of an attacker, but also possible countermeasures of a defender. Since the augmented formalism models interactions between an attacker and a defender explicitly and is able to capture evolutionary aspects of attack-defense scenarios, it allows for a more accurate security assessment process compared to attack trees.…”

Section: Introductionmentioning

confidence: 99%

A Probabilistic Framework for Security Scenarios with Dependent Actions

Kordy

Pouly

Schweizer

2014

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

International audienceThis work addresses the growing need of performing meaningful probabilistic analysis of security. We propose a framework that integrates the graphical security modeling technique of attack–defense trees with probabilistic information expressed in terms of Bayesian networks. This allows us to perform probabilistic evaluation of attack–defense scenarios involving dependent actions. To improve the efficiency of our computations, we make use of inference algorithms from Bayesian networks and encoding techniques from constraint reasoning. We discuss the algebraic theory underlying our framework and point out several generalizations which are possible thanks to the use of semiring theory

show abstract

Foundations of Attack–Defense Trees

Cited by 188 publications

References 13 publications

Dynamic Optimal Countermeasure Selection for Intrusion Response System

Dynamic Optimal Countermeasure Selection for Intrusion Response System

An Evolutionary Approach of Attack Graph to Attack Tree Conversion

A Probabilistic Framework for Security Scenarios with Dependent Actions

Contact Info

Product

Resources

About