
Integrating attacker behavior in IT security analysis: a discrete-event simulation approach

Published in: Information Technology and Management

Abstract

When designing secure information systems, a profound understanding of the threats that they are exposed to is indispensable. Today’s most severe risks come from malicious threat agents exploiting a variety of attack vectors to achieve their goals, rather than from random opportunistic threats such as malware. Most security analyses, however, focus on fixing technical weaknesses and do not account for sophisticated combinations of attack mechanisms or for heterogeneity in adversaries’ motivations, resources, capabilities, or points of access. In order to address these shortcomings and, thus, to provide security analysts with a tool that also makes it possible to identify emergent weaknesses arising from dynamic interactions of attacks, we have combined rich conceptual modeling of security knowledge with attack graph generation and discrete-event simulation techniques. This paper describes the prototypical implementation of the resulting security analysis tool and demonstrates how it can be used for an experimental evaluation of a system’s resilience against various adversaries.



Notes

  1. A detail of an example graph is included in the Appendix.

  2. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5815.

  3. Protégé: http://protege.stanford.edu.

  4. http://owlapi.sourceforge.net.

  5. JUNG2: http://jung.sourceforge.net.

  6. MASON: http://cs.gmu.edu/~eclab/projects/mason.


Acknowledgments

The work presented in this paper was performed in the course of the research project “MOSES3” that is funded by the Austrian Science Fund (FWF) by Grant No. P23122-N23. The research was carried out at Secure Business Austria, a COMET K1 program competence center supported by FFG, the Austrian Research Promotion Agency.

Author information

Correspondence to Christian Stummer.

Appendix

See Fig. 7.

Fig. 7 Abstract attack graph (detail)


Cite this article

Ekelhart, A., Kiesling, E., Grill, B. et al. Integrating attacker behavior in IT security analysis: a discrete-event simulation approach. Inf Technol Manag 16, 221–233 (2015). https://doi.org/10.1007/s10799-015-0232-6
