Abstract
This paper presents an efficient numerical analysis of the time dependence of the attacker’s success in an attack tree. The leaves of the attack tree associated with the basic attack steps are annotated with finite discrete probability distributions. By a bottom-up approach, the output distributions of the gates, and finally the output distribution at the root of the attack tree is computed. The algorithmic complexities of the gate functions depend on the number of bins of the input distributions. Since the number of bins may increase rapidly due to the successive applications of the gate function, we aim to control the sizes of the input distributions. By using the stochastic ordering and the stochastic monotonicity, we analyze the underlying attack tree by constructing the reduced-size upper and lower distributions. Thus at the root of the attack tree, we compute the bounding distributions of the time when the system would be compromised. The main advantage of this approach is the possibility to have a tradeoff between the accuracy of the bounds and the algorithmic complexity. For a given time t, we can compute the bounds on the probability for the attacker’s success at time t. The time-dependent behavior of attacks is important to have insights on the security of the system and to develop effective countermeasures.
This work was partially supported by grant ANR MARMOTE (ANR-12-MONU-0019).
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Aït-Salaht, F., Castel-Taleb, H., Fourneau, J.-M., Pekergin, N.: Stochastic bounds and histograms for network performance analysis. In: Balsamo, M.S., Knottenbelt, W.J., Marin, A. (eds.) EPEW 2013. LNCS, vol. 8168, pp. 13–27. Springer, Heidelberg (2013)
Arnold, F., Hermanns, H., Pulungan, R., Stoelinga, M.: Time-dependent analysis of attacks. In: Abadi, M., Kremer, S. (eds.) POST 2014 (ETAPS 2014). LNCS, vol. 8414, pp. 285–305. Springer, Heidelberg (2014)
Fourneau, J.M., Pekergin, N.: A numerical analysis of dynamic fault trees based on stochastic bounds. In: Campos, J., Haverkort, B.R. (eds.) QEST 2015. LNCS, vol. 9259, pp. 176–191. Springer, Heidelberg (2015)
Jhawar, R., Kordy, B., Mauw, S., Radomirović, S., Trujillo-Rasua, R.: Attack trees with sequential conjunction. In: Federrath, H., Gollmann, D., Chakravarthy, S.R. (eds.) SEC 2015. IFIP AICT, vol. 455, pp. 339–353. Springer, Heidelberg (2015). doi:10.1007/978-3-319-18467-8_23
Kordy, B., Piètre-Cambacédès, L., Schweitzer, P.: DAG-based attack and defense modeling: don’t miss the forest for the attack trees. Comput. Sci. Rev. 13–14, 1–38 (2014)
Muller, A., Stoyan, D.: Comparison Methods for Stochastic Models and Risks. Wiley, New York (2002)
Nielsen, J.R.: Evaluating information assurance control effectiveness on an air force supervisory control and data. Master’s thesis, Air Force Institute of Technology (2011)
Piètre-Cambacédès, L., Bouissou, M.: Attack and defense modeling with BDMP. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2010. LNCS, vol. 6258, pp. 86–101. Springer, Heidelberg (2010)
Piètre-Cambacédès, L., Bouissou, M.: Cross-fertilization between safety and security engineering. Rel. Eng. Sys. Safety 110, 110–126 (2013)
Schneier, B.: Attack trees: modeling security threats. Dr. Dobbs J. Softw. Tools 24(12), 21–29 (1999)
Siwar Kriaa, L.P., Bouissou, M.: Modeling the stuxnet attack with BDMP: towards more formal risk assessments. In: 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS), Cork, Ireland, 10–12 October 2012, pp. 1–8. IEEE (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Pekergin, N., Tan, S., Fourneau, JM. (2016). Quantitative Attack Tree Analysis: Stochastic Bounds and Numerical Analysis. In: Kordy, B., Ekstedt, M., Kim, D. (eds) Graphical Models for Security. GraMSec 2016. Lecture Notes in Computer Science(), vol 9987. Springer, Cham. https://doi.org/10.1007/978-3-319-46263-9_8
Download citation
DOI: https://doi.org/10.1007/978-3-319-46263-9_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46262-2
Online ISBN: 978-3-319-46263-9
eBook Packages: Computer ScienceComputer Science (R0)