Paper Info
Title
Defining Security Primitives For Eliciting Flexible Attack Scenarios Through Capec Analysis
Abstract
Cyber-security refers to all approaches to protect cyberspace against cyber-attacks. In order to identify vulnerabilities and develop countermeasures against cyber-attacks, we should be able to reenact both cyber-attacks and defenses. Simulations can be useful for the reenactment by overcoming its limitations including high risk and cost. However, it is difficult to model a variety cyber-attacks making use of pre-developed simulation models, because there is a lack of theoretical basis for modeling cyber-security simulations. In addition, because most simulation models are developed according to their own simulation purposes, it is very difficult to use them as primitives for modeling of new behaviors of cyber-attacks. In this paper, we propose a method for defining behavior primitives for developing flexible attack scenarios by combining the primitives considering flows of cyber-attacks and defenses. We also develop the scenario as simulation models and the models can be executed on the discrete event simulation system. To elicit a new scenario all modeler need to do is to choose primitives from pools and combine them considering simulation purposes and security issues. To extract the possible primitive behaviors, we have analyzed and abstracted all attack patterns of CAPEC (Common Attack Pattern Enumeration and Classification) database.
Year
DOI
Venue
2014
10.1007/978-3-319-15087-1_29
INFORMATION SECURITY APPLICATIONS, WISA 2014
Keywords
Field
DocType
Cyber-security, Cyber-attack, Modeling and simulation, CAPEC (Common Attack Pattern Enumeration and Classification)
Attack patterns,Cyber-attack,Computer security,Modeling and simulation,Computer science,Simulation modeling,Discrete event simulation,Cyberspace,Vulnerability
Conference
Volume
ISSN
Citations 
8909
0302-9743
0
PageRank 
References 
Authors
0.34
6
2
Name
Order
Citations
PageRank
Ji-Yeon Kim100.34
Hyung-Jong Kim227827.13