
Attack-Tree Series: A Case for Dynamic Attack Tree Analysis

  • Olga Gadyatskaya
  • Sjouke Mauw
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11720)

Abstract

Attack trees are a popular model for security scenario analysis. Yet, they are currently treated in the literature as a static model and are not suitable for dynamic security monitoring. In this paper we introduce attack-tree series, a time-indexed set of attack trees, as a model to capture and visualize the evolution of security scenarios. This model supports changes in the attack tree structure as well as changes in the data values. We introduce the notion of a temperature function as a special type of attribute that expresses the importance of change in the data values. We also introduce a consistency predicate on attack trees to allow inter-relating the evolving scenarios captured as attack trees. Finally, we discuss various application scenarios for attack-tree series and we demonstrate on a case study how the proposed ideas can be implemented to visualize historical trends.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. CSC/SnT, University of Luxembourg, Esch-sur-Alzette, Luxembourg
