ABSTRACT
Attack tree (AT) is one of the widely used combinatorial models in cyber security analysis. The basic formalism of AT does not take into account defense mechanisms. Defense trees (DT) have been developed to investigate the effect of defense mechanisms using measures such as attacker's cost and security cost, return on investment (ROI) and return on attack (ROA). DT, however, places defense mechanisms only at the leaf node level, while the corresponding ROI/ROA analysis does not incorporate the probability of attack. In attack response tree (ART), an attacker-defender game was used to find an optimal policy from the countermeasures' pool, and it suffers from the problem of state-space explosion, since the solution in ART is resolved by means of a partially observable stochastic game model. In this paper, we present a novel attack tree named attack countermeasure trees (ACT) in which (i) defense mechanisms can be applied at any node of the tree, not just at leaf node level, (ii) qualitative analysis (using mincuts, structural and Birnbaum importance measure) and probabilistic analysis (using attacker and security cost, system risk, impact of an attack, ROI and ROA) can be performed, and (iii) an optimal countermeasure set can be selected from the pool of defense mechanisms without constructing a state-space model. We use single and multi-objective optimization to find suitable countermeasures under different constraints. We illustrate the features of ACT using a practical case study (SCADA attack).
Index Terms
- Cyber security analysis using attack countermeasure trees