Skip to main content
SpringerLink
Log in
Book cover

International Conference on Information Security Practice and Experience

ISPEC 2010: Information Security, Practice and Experience pp 56–66Cite as

On Fast and Approximate Attack Tree Computations

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6047))

Abstract

In this paper we address the problem of inefficiency of exact attack tree computations. We propose several implementation-level optimizations and introduce a genetic algorithm for fast approximate computations. Our experiments show that for attack trees having less than 30 leaves, the confidence level of 89% can be achieved within 2 seconds using this algorithm. The approximation scales very well and attack trees of practical size (up to 100 leaves) can be analyzed within a few minutes.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Vesely, W., Goldberg, F., Roberts, N., Haasl, D.: Fault Tree Handbook. US Government Printing Office, Systems and Reliability Research, January, Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission (1981)

    Google Scholar 

  2. Weiss, J.D.: A system security engineering process. In: Proceedings of the 14th National Computer Security Conference, pp. 572–581 (1991)

    Google Scholar 

  3. Schneier, B.: Attack trees: Modeling security threats. Dr. Dobb’s Journal 24(12), 21–29 (1999)

    Google Scholar 

  4. Schneier, B.: Secrets & Lies. Digital Security in a Networked World. John Wiley & Sons, Chichester (2000)

    Google Scholar 

  5. Convery, S., Cook, D., Franz, M.: An attack tree for the border gateway protocol. IETF Internet draft (February 2004), http://www.ietf.org/proceedings/04aug/I-D/draft-ietf-rpsec-bgpattack-00.txt

  6. Byres, E., Franz, M., Miller, D.: The use of attack trees in assessing vulnerabilities in SCADA systems. In: International Infrastructure Survivability Workshop (IISW 2004). IEEE, Lisbon (2004)

    Google Scholar 

  7. Buldas, A., Mägi, T.: Practical security analysis of e-voting systems. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 320–335. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  8. Edge, K.S.: A Framework for Analyzing and Mitigating the Vulnerabilities of Complex Systems via Attack and Protection Trees. PhD thesis, Air Force Institute of Technology, Ohio (2007)

    Google Scholar 

  9. Espedahlen, J.H.: Attack trees describing security in distributed internet-enabled metrology. Master’s thesis, Department of Computer Science and Media Technology, Gjøvik University College (2007)

    Google Scholar 

  10. Moore, A.P., Ellison, R.J., Linger, R.C.: Attack modeling for information security and survivability. Technical Report CMU/SEI-2001-TN-001, Software Engineering Institute (2001)

    Google Scholar 

  11. Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  12. Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational Choice of Security Measures via Multi-Parameter Attack Trees. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235–248. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  13. Jürgenson, A., Willemson, J.: Processing multi-parameter attacktrees with estimated parameter values. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 308–319. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  14. Jürgenson, A., Willemson, J.: Computing exact outcomes of multi-parameter attack trees. In: Meersman, R., Tari, Z. (eds.) OTM 2008, Part II. LNCS, vol. 5332, pp. 1036–1051. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  15. Davis, M., Logemann, G., Loveland, D.: A machine program for theorem proving. Communications of the ACM 5(7), 394–397 (1962)

    Article  MATH  MathSciNet  Google Scholar 

  16. Kutzkov, K.: New upper bound for the #3-sat problem. Inf. Process. Lett. 105(1), 1–5 (2007)

    Article  MathSciNet  Google Scholar 

  17. Kozen, D.: The design and analysis of algorithms. Springer, Heidelberg (1992)

    Google Scholar 

  18. Goldberg, D.E.: Genetic Algorithms in Search, Optimization and Machine Learning. Addison-Wesley Longman Publishing Co., Inc, Boston (1989)

    MATH  Google Scholar 

  19. Jürgenson, A., Willemson, J.: Serial model for attack tree computations. In: Proceedings of ICISC 2009 (2009)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Tallinn University of Technology, Raja 15, Tallinn, 12618, Estonia

    Aivo Jürgenson

  2. Cybernetica, Akadeemia 21, Tallinn, 12618, Estonia

    Aivo Jürgenson

  3. Cybernetica, Aleksandri 8a, Tartu, 51004, Estonia

    Jan Willemson

Authors
  1. Aivo Jürgenson
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jan Willemson
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Information Security Engineering, Soonchunhyang University, 646 Eupnae-ri, Shinchang-myun, Asan-si, 336-745, Chungcheongnam-do, Korea

    Jin Kwak

  2. School of Information Systems, Singapore Management University, 469 Bukit Timah Road, 259756, Singapore

    Robert H. Deng

  3. Internet and Security Policy Division, Korea Internet and Security Agency, Daedong B/D, Garak-dong 79-3, Songpa-gu, 138-950, Seoul, Korea

    Yoojae Won

  4. School of Computer Science, University of Birmingham, B15 2TT, Birmingham, UK

    Guilin Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jürgenson, A., Willemson, J. (2010). On Fast and Approximate Attack Tree Computations. In: Kwak, J., Deng, R.H., Won, Y., Wang, G. (eds) Information Security, Practice and Experience. ISPEC 2010. Lecture Notes in Computer Science, vol 6047. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12827-1_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-12827-1_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-12826-4

  • Online ISBN: 978-3-642-12827-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation