Defining Threat Agents: Towards a More Complete Threat Analysis

  • Timothy Casey
  • Patrick Koeberl
  • Claire Vishik


There has been significant progress in defining and developing viable approaches to threat modeling and risk assessment techniques for a wide range of IT applications and computing environments. However, we observe that the focus of most studies continues to be on asset or vulnerability analysis, leaving the analysis of threat agents out of scope. The motivations of the attackers are predominantly economic, and the mitigation techniques and planning approaches depend heavily on the intent and resources available to the attackers. Although threat agent taxonomies may be simple, they are necessary for the development of both theoretical studies of vulnerabilities and practical analyses of the measures necessary for remediation and mitigation. In this paper, we take a more careful look at the typology of threat agents, which can provide considerable insights into the likelihood, seriousness, and specific nature of security attacks. We also evaluate the context in which these taxonomies operate. Finally, we describe Intel’s Threat Agent Library (TAL) and its applicability to various situations in dynamic threat analysis.


Keywords: IEEE Computer Society; Threat Modeling; Mitigation Technique; Threat Assessment; Security Attack
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Vieweg+Teubner Verlag | Springer Fachmedien Wiesbaden GmbH 2011
