Information Technology and Management

Volume 16, Issue 3, pp 221–233

Integrating attacker behavior in IT security analysis: a discrete-event simulation approach

  • Andreas Ekelhart
  • Elmar Kiesling
  • Bernhard Grill
  • Christine Strauss
  • Christian Stummer


Abstract

When designing secure information systems, a profound understanding of the threats they are exposed to is indispensable. Today's most severe risks stem from malicious threat agents who exploit a variety of attack vectors to achieve their goals, rather than from random, opportunistic threats such as commodity malware. Most security analyses, however, focus on fixing individual technical weaknesses and do not account for sophisticated combinations of attack mechanisms, nor for heterogeneity in adversaries' motivations, resources, capabilities, and points of access. To address these shortcomings, and thus to give security analysts a tool that can also identify emergent weaknesses arising from the dynamic interaction of attacks, we combine rich conceptual modeling of security knowledge with attack graph generation and discrete-event simulation. This paper describes the prototypical implementation of the resulting security analysis tool and demonstrates how it can be used for an experimental evaluation of a system's resilience against various adversaries.
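The following is an added illustration of the approach the abstract describes, not code from the paper's prototype: a constructed attack graph (preconditions, granted state, minimum skill, triangular effort distribution per step) is traversed by attacker profiles that differ in skill and point of access, using a small discrete-event simulation with a future-event list. All step names, attacker profiles, durations and skill levels are hypothetical; the attacker behaviour (always work on the cheapest currently enabled step) is one simple heuristic, not the paper's model.

```python
"""Added example: a minimal discrete-event simulation (DES) of attackers of
differing skill and points of access traversing a constructed attack graph.
All step names, attacker profiles and durations are hypothetical."""
import heapq
import random
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class AttackStep:
    name: str
    requires: FrozenSet[str]              # states the attacker must already hold
    grants: str                           # state obtained when the step succeeds
    min_skill: int                        # 1 = opportunistic ... 5 = expert
    duration: Tuple[float, float, float]  # (min, mode, max) effort in hours


@dataclass(frozen=True)
class Attacker:
    name: str
    skill: int
    entry: FrozenSet[str]                 # point of access: states held at t = 0
    goal: str


# Constructed toy attack graph for a hypothetical network (not from the paper).
GRAPH: List[AttackStep] = [
    AttackStep("phish_employee",    frozenset({"internet"}),          "workstation_user",  1, (2, 8, 48)),
    AttackStep("exploit_web_app",   frozenset({"internet"}),          "dmz_shell",         3, (4, 12, 72)),
    AttackStep("local_privesc",     frozenset({"workstation_user"}),  "workstation_admin", 2, (1, 4, 24)),
    AttackStep("dump_creds",        frozenset({"workstation_admin"}), "domain_creds",      2, (0.5, 1, 4)),
    AttackStep("pivot_from_dmz",    frozenset({"dmz_shell"}),         "internal_network",  4, (2, 6, 24)),
    AttackStep("lateral_move",      frozenset({"domain_creds"}),      "internal_network",  2, (1, 2, 8)),
    AttackStep("access_db",         frozenset({"internal_network", "domain_creds"}), "customer_db", 2, (1, 3, 12)),
    AttackStep("exploit_db_server", frozenset({"internal_network"}),  "customer_db",       5, (8, 24, 96)),
]

# Hypothetical adversary profiles: same goal, different capabilities and entry points.
SCRIPT_KIDDIE = Attacker("script kiddie", 1, frozenset({"internet"}), "customer_db")
CYBERCRIMINAL = Attacker("cybercriminal", 3, frozenset({"internet"}), "customer_db")
INSIDER = Attacker("insider", 2, frozenset({"workstation_user", "internal_network"}), "customer_db")


def simulate(attacker: Attacker, graph: List[AttackStep], rng: random.Random,
             max_parallel: int = 1, horizon: float = 24 * 30) -> Tuple[Optional[float], List[str]]:
    """One DES run. Returns (time the goal state was reached, or None) and the
    ordered list of completed steps. Attacker behaviour: always work on the
    cheapest enabled step(s), up to max_parallel at a time."""
    state = set(attacker.entry)
    completed: List[str] = []
    in_progress: set = set()
    events: List[Tuple[float, str]] = []   # future-event list: (finish_time, step_name)
    now = 0.0

    def enabled() -> List[AttackStep]:
        return [s for s in graph
                if s.name not in completed and s.name not in in_progress
                and s.grants not in state               # nothing to gain
                and s.min_skill <= attacker.skill       # capability constraint
                and s.requires <= state]                # preconditions met

    def launch() -> None:
        for step in sorted(enabled(), key=lambda s: s.duration[1]):
            if len(in_progress) >= max_parallel:
                break
            lo, mode, hi = step.duration
            heapq.heappush(events, (now + rng.triangular(lo, hi, mode), step.name))
            in_progress.add(step.name)

    launch()
    while events:
        now, name = heapq.heappop(events)
        if now > horizon:                      # attacker gives up / analysis window ends
            return None, completed
        in_progress.discard(name)
        state.add(next(s for s in graph if s.name == name).grants)
        completed.append(name)
        if attacker.goal in state:
            return now, completed
        launch()                               # new states may enable further steps
    return None, completed                     # dead end: no enabled step left


def run_once(attacker: Attacker, seed: int = 0, **kw) -> Tuple[Optional[float], List[str]]:
    return simulate(attacker, GRAPH, random.Random(seed), **kw)


def evaluate(attacker: Attacker, runs: int = 200, seed: int = 1, **kw) -> Tuple[float, Optional[float]]:
    """Monte-Carlo experiment: (success rate, mean time-to-goal over successful runs)."""
    rng = random.Random(seed)
    times = [t for t in (simulate(attacker, GRAPH, rng, **kw)[0] for _ in range(runs)) if t is not None]
    return len(times) / runs, (sum(times) / len(times) if times else None)


if __name__ == "__main__":
    for adv in (SCRIPT_KIDDIE, CYBERCRIMINAL, INSIDER):
        rate, mean_t = evaluate(adv)
        print(f"{adv.name:14s} success={rate:.2f} mean_hours={mean_t}")
```

Running `evaluate` for each profile is the kind of experiment the abstract refers to: the same graph yields no successful path for the low-skill adversary (the privilege-escalation step is out of reach), a multi-step phishing-to-database path for the external criminal, and a much shorter path for the insider who already holds internal network access. Swapping a step out of `GRAPH` (modelling a countermeasure) and re-running shows which adversary profile the control actually affects.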


Keywords: IT security; Modeling and simulation; Secure systems analysis and design; Attacker behavior



The work presented in this paper was performed in the course of the research project “MOSES3” that is funded by the Austrian Science Fund (FWF) by Grant No. P23122-N23. The research was carried out at Secure Business Austria, a COMET K1 program competence center supported by FFG, the Austrian Research Promotion Agency.



Copyright information

© Springer Science+Business Media New York 2015

Authors and Affiliations

  • Andreas Ekelhart (1)
  • Elmar Kiesling (2)
  • Bernhard Grill (1)
  • Christine Strauss (3)
  • Christian Stummer (4)
  1. Secure Business Austria, Vienna, Austria
  2. Vienna University of Technology, Vienna, Austria
  3. University of Vienna, Vienna, Austria
  4. Bielefeld University, Bielefeld, Germany
