Skip to main content
SpringerLink
Log in
Book cover

International Workshop on Security

IWSEC 2010: Advances in Information and Computer Security pp 354–370Cite as

Optimal Adversary Behavior for the Serial Model of Financial Attack Trees

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6434))

Abstract

Attack tree analysis is used to estimate different parameters of general security threats based on information available for atomic subthreats. We focus on estimating the expected gains of an adversary based on both the cost and likelihood of the subthreats. Such a multi-parameter analysis is considerably more complicated than separate probability or skill level estimation, requiring exponential time in general. However, this paper shows that under reasonable assumptions a completely different type of optimal substructure exists which can be harnessed into a linear-time algorithm for optimal gains estimation. More concretely, we use a decision-theoretic framework in which a rational adversary sequentially considers and performs the available attacks. The assumption of rationality serves as an upper bound as any irrational behavior will just hurt the end result of the adversary himself. We show that if the attacker considers the attacks in a goal-oriented way, his optimal expected gains can be computed in linear time. Our model places the least restrictions on adversarial behavior of all known attack tree models that analyze economic viability of an attack and, as such, provides for the best efficiently computable estimate for the potential reward.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Lippmann, R.P., Ingols, K.: An annotated review of past papers on attack graphs (2005)

    Google Scholar 

  2. Ammann, P., Wijesekera, D., Kaushik, S.: Scalable, graph-based network vulnerability analysis. In: CCS 2002: Proceedings of the 9th ACM Conference on Computer and Communications Security, pp. 217–224 (2002)

    Google Scholar 

  3. Jajodia, S., Noel, S., O’Berry, B.: Topological analysis of network attack vulnerability. In: Managing Cyber Threats: Issues, Approaches and Challenges (2003)

    Google Scholar 

  4. Ericson II, C.A.: Fault tree analysis - a history. In: Proceedings of the 17th International System Safety Conference (1999)

    Google Scholar 

  5. Weiss, J.D.: A system security engineering process. In: Proceedings of the 14th National Computer Security Conference, pp. 572–581 (1991)

    Google Scholar 

  6. Schneier, B.: Attack trees: Modeling security threats. Dr. Dobb’s Journal 24, 21–29 (1999)

    Google Scholar 

  7. Edge, K.S.: A Framework for Analyzing and Mitigating the Vulnerabilities of Complex Systems via Attack and Protection Trees. PhD thesis, Air Force Institute of Technology, Ohio (2007)

    Google Scholar 

  8. Espedahlen, J.H.: Attack trees describing security in distributed internet-enabled metrology. Master’s thesis, Department of Computer Science and Media Technology, Gjøvik University College (2007)

    Google Scholar 

  9. Moore, A.P., Ellison, R.J., Linger, R.C.: Attack modeling for information security and survivability. Technical Report CMU/SEI-2001-TN-001, Software Engineering Institute (2001)

    Google Scholar 

  10. Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  11. Amenaza: Secur/tree attack tree modeling (2010), http://www.amenaza.com/

  12. Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational Choice of Security Measures via Multi-Parameter Attack Trees. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235–248. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  13. Buldas, A., Mägi, T.: Practical security analysis of e-voting systems. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 320–335. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  14. Jürgenson, A., Willemson, J.: Computing exact outcomes of multi-parameter attack trees. In: Meersman, R., Tari, Z. (eds.) OTM 2008, Part II. LNCS, vol. 5332, pp. 1036–1051. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  15. Jürgenson, A., Willemson, J.: Serial model for attack tree computations. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 118–128. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  16. Jürgenson, A., Willemson, J.: Processing multi-parameter attacktrees with estimated parameter values. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 308–319. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  17. Niitsoo, M.: Optimal adversary behavior for the serial model of financial attack trees. Cryptology ePrint Archive, Report 2010/412 (2010) http://eprint.iacr.org/

  18. Jensen, F.V.: Bayesian Networks and Decision Graphs. In: Information Science and Statistics. Springer, Heidelberg (2001)

    Google Scholar 

  19. Wegener, I.: Branching programs and binary decision diagrams: theory and applications. SIAM, Philadelphia (2000)

    Book  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Tartu, Liivi 2, 50409, Tartu, Estonia

    Margus Niitsoo

  2. Cybernetica AS, Akadeemia tee 21, 12618, Tallinn, Estonia

    Margus Niitsoo

Authors
  1. Margus Niitsoo
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. National Institute of Informatics, 2-1-2 Hitotsubashi, 101-8430, Chiyoda-ku, Tokyo, Japan

    Isao Echizen

  2. School of Frontier Sciences, Department of Complexity Science and Engineering, University of Tokyo, 5-1-5 Kashiwanoha, Kashiwa-shi, 277-8561, Chiba, Japan

    Noboru Kunihiro

  3. School of Science and Technology for Future Life, Department of Information Systems and Multi Media, Tokyo Denki University, 2-2 Kanda-Nishiki-cho, 101-8457, Chiyoda-ku, Tokyo, Japan

    Ryoichi Sasaki

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Niitsoo, M. (2010). Optimal Adversary Behavior for the Serial Model of Financial Attack Trees. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds) Advances in Information and Computer Security. IWSEC 2010. Lecture Notes in Computer Science, vol 6434. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16825-3_24

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-16825-3_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16824-6

  • Online ISBN: 978-3-642-16825-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation