2017
DOI: 10.1007/978-3-319-68063-7_11
|View full text |Cite
|
Sign up to set email alerts
|

Refinement-Aware Generation of Attack Trees

Abstract: Abstract. Attack trees allow a security analyst to obtain an overview of the potential vulnerabilities of a system. Due to their refinement structure, attack trees support the analyst in understanding the system vulnerabilities at various levels of abstraction. However, contrary to manually synthesized attack trees, automatically generated attack trees are often not refinement-aware, making subsequent human processing much harder. The generation of attack trees in which the refined nodes correspond to semantic… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
11
0

Year Published

2018
2018
2021
2021

Publication Types

Select...
5
1

Relationship

3
3

Authors

Journals

citations
Cited by 17 publications
(11 citation statements)
references
References 29 publications
0
11
0
Order By: Relevance
“…Finally, we would like to develop a system for automatic attack-tree series design and visualization from threat intelligence feeds. Recent work [35,27,14,11,15] demonstrated the viability of generating attack trees automatically. Particularly, Jhawar et al [15] have shown that a threat library can be used to compose attack trees.…”
Section: Discussionmentioning
confidence: 99%
See 1 more Smart Citation
“…Finally, we would like to develop a system for automatic attack-tree series design and visualization from threat intelligence feeds. Recent work [35,27,14,11,15] demonstrated the viability of generating attack trees automatically. Particularly, Jhawar et al [15] have shown that a threat library can be used to compose attack trees.…”
Section: Discussionmentioning
confidence: 99%
“…The manual work may be facilitated by relevant knowledge, e.g., from industry-specic catalogues of threats or threat ontologies [6]. Recently, automated and assisted attack tree generation techniques have emerged [14,35,27,11,15]. However, all these approaches work with static scenarios, and they do not take into account potential evolution in the considered threat structure.…”
Section: Related Workmentioning
confidence: 99%
“…Jhawar et al developed a refinement of the sibling relationships, adding a Sequential AND or "SAND" relation, alongside discussing the utility and semantic implications (the SP graph semantics) of such a refinement [11]. Many works have attempted to generate attack trees automatically, given that many attack trees in industry are generated manually, and effective automatic attack tree generation would be a valuable contribution to this space [5,9,10,25].…”
Section: Related Workmentioning
confidence: 99%
“…These definitions were selected because they share common properties with many modifications of both attack trees and attack graphs, and thus should enable modification of the algorithms described below to enable further development of this methodology. Specifically, we use a recursive attack tree definition à la Gadyatskaya et al [5], and a basic state-based attack graph definition from Sheyner et al [23].…”
Section: Definitionsmentioning
confidence: 99%
See 1 more Smart Citation