A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees

  • Ravi Jhawar
  • Karim LounisEmail author
  • Sjouke Mauw
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9871)


Cyber attacks are becoming increasingly complex, practically sophisticated and organized. Losses due to such attacks are important, varying from the loss of money to business reputation spoilage. Therefore, there is a great need for potential victims of cyber attacks to deploy security solutions that allow the identification and/or prediction of potential cyber attacks, and deploy defenses to face them. In this paper, we propose a framework that incorporates Attack-Defense trees (ADTrees) and Continuous Time Markov Chains (CTMCs) to systematically represent attacks, defenses, and their interaction. This solution allows to perform quantitative security assessment, with an aim to predict and/or identify attacks and find the best and appropriate defenses to reduce the impact of attacks.


Attack-Defense Trees Markov chains Security modeling Quantitative analysis 


  1. 1.
    Abraham, S., Nair, S.: Predictive cyber-security analytics framework: a non-homogenous markov model for security quantification. arXiv preprint arXiv:1501.01901 (2015)
  2. 2.
    Arnold, F., Guck, D., Kumar, R., Stoelinga, M.: Sequential and parallel attack tree modelling. In: Koornneef, F., Gulijk, C. (eds.) SAFECOMP 2015. LNCS, vol. 9338, pp. 291–299. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-24249-1_25 CrossRefGoogle Scholar
  3. 3.
    Arnold, F., Hermanns, H., Pulungan, R., Stoelinga, M.: Time-dependent analysis of attacks. In: Abadi, M., Kremer, S. (eds.) POST 2014 (ETAPS 2014). LNCS, vol. 8414, pp. 285–305. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  4. 4.
    Bagnato, A., Kordy, B., Meland, P.H., Schweitzer, P.: Attribute decoration of attack-defense trees. Int. J. Secur. Softw. Eng. 3(2), 1–35 (2012)CrossRefGoogle Scholar
  5. 5.
    Dalton II, G.C., Mills, R.F., Colombi, J.M., Raines, R.A.: Analyzing attack trees using generalized stochastic Petri nets. In: IEEE Information Assurance Workshop, pp. 116–123. IEEE (2006)Google Scholar
  6. 6.
    Gadyatskaya, O., Jhawar, R., Kordy, P., Lounis, K., Mauw, S., Trujillo-Rasua, R.: Attack trees for practical security assessment: ranking of attack scenarios with ADTool 2.0. In: Agha, G., Houdt, B. (eds.) QEST 2016. LNCS, vol. 9826, pp. 159–162. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-43425-4_10 CrossRefGoogle Scholar
  7. 7.
    Hughes, T., Sheyner, O.: Attack scenario graphs for computer network threat analysis and prediction. Complexity 9(2), 15–18 (2003)CrossRefGoogle Scholar
  8. 8.
    Kordy, B., Kordy, P., Mauw, S., Schweitzer, P.: ADTool: security analysis with attack-defense trees (extended version). arXiv preprint arXiv:1305.6829 (2013)
  9. 9.
    Kordy, B., Mauw, S., Melissen, M., Schweitzer, P.: Attack–defense trees and two-player binary zero-sum extensive form games are equivalent. In: Alpcan, T., Buttyán, L., Baras, J.S. (eds.) GameSec 2010. LNCS, vol. 6442, pp. 245–256. Springer, Heidelberg (2010)Google Scholar
  10. 10.
    Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Foundations of attack–defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80–95. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19751-2_6 CrossRefGoogle Scholar
  11. 11.
    Kordy, B., Pouly, M., Schweitzer, P.: A probabilistic framework for security scenarios with dependent actions. In: Albert, E., Sekerinski, E. (eds.) IFM 2014. LNCS, vol. 8739, pp. 256–271. Springer, Heidelberg (2014)Google Scholar
  12. 12.
    Madan, B.B., Gogeva-Popstojanova, K, Vaidyanathan, K., Trivedi, K.S.: Modeling and quantification of security attributes of software systems. In: International Conference on Dependable Systems and Networks, pp. 505–514. IEEE (2002)Google Scholar
  13. 13.
    Markov, A.: Extension of the limit theorems of probability theory to a sum of variables connected in a chain. In: Howard, R. (ed.) Dynamic Probabilistic Systems (Volume I: Markov Models), pp. 552–577. Wiley, New York (1971)Google Scholar
  14. 14.
    Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006). doi: 10.1007/11734727_17 CrossRefGoogle Scholar
  15. 15.
    Piètre-Cambacédès, L., Bouissou, M.: Beyond attack trees: dynamic security modeling with Boolean logic Driven Markov Processes (BDMP). In: European Dependable Computing Conference, pp. 199–208. IEEE (2010)Google Scholar
  16. 16.
    Pudar, S., Manimaran, G., Liu, C.-C.: PENET: a practical method and tool for integrated modeling of security attacks and countermeasures. Comput. Secur. 28(8), 754–771 (2009)CrossRefGoogle Scholar
  17. 17.
    Roy, A., Kim, D.S., Trivedi, K.S.: Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees. Secur. Commun. Netw. 5(8), 929–943 (2012)CrossRefGoogle Scholar
  18. 18.
    Stewart, W.J.: Introduction to the Numerical Solutions of Markov Chains. Princeton University Press, Princeton (1994)zbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.CSC/SnTUniversity of LuxembourgLuxembourgLuxembourg

Personalised recommendations