Paper Info
Title
Calculating Adversarial Risk From Attack Trees: Control Strength And Probabilistic Attackers
Abstract
Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of multiple steps and alternative paths. It is possible to derive properties of the overall attacks from properties of individual steps, such as cost for the attacker and probability of success. However, in existing formalisms, such properties are considered independent. For example, investing more in an attack step would not increase the probability of success. As this seems counterintuitive, we introduce a framework for reasoning about attack trees based on the notion of control strength, annotating nodes with a function from attacker investment to probability of success. Calculation rules on such trees are defined to enable analysis of optimal attacker investment. Our second result consists of the translation of optimal attacker investment into the associated adversarial risk, yielding what we call adversarial risk trees. The third result is the introduction of probabilistic attacker strategies, based on the fitness (utility) of available scenarios. Together these contributions improve the possibilities for using attack trees in adversarial risk analysis.
Year
DOI
Venue
2014
10.1007/978-3-319-17016-9_13
DATA PRIVACY MANAGEMENT, AUTONOMOUS SPONTANEOUS SECURITY, AND SECURITY ASSURANCE
Keywords
Field
DocType
Adversarial risk analysis, Attack trees, Attacker models, Control strength, Fitness functions, Security metrics, Simulation
Data mining,Counterintuitive,Risk analysis (business),Theoretical computer science,Formalism (philosophy),Probabilistic logic,Engineering,Rotation formalisms in three dimensions,Adversarial system
Conference
Volume
ISSN
Citations 
8872
0302-9743
4
PageRank 
References 
Authors
0.47
13
2
Name
Order
Citations
PageRank
Wolter Pieters140.47
Mohsen Davarynejad2616.81