Abstract
When designing secure information systems, a profound understanding of the threats that they are exposed to is indispensable. Today’s most severe risks come from malicious threat agents exploiting a variety of attack vectors to achieve their goals, rather than from random opportunistic threats such as malware. Most security analyses, however, focus on fixing technical weaknesses, but do not account for sophisticated combinations of attack mechanisms and heterogeneity in adversaries’ motivations, resources, capabilities, or points of access. In order to address these shortcomings and, thus, to provide security analysts with a tool that makes it possible to also identify emergent weaknesses that may arise from dynamic interactions of attacks, we have combined rich conceptual modeling of security knowledge with attack graph generation and discrete-event simulation techniques. This paper describes the prototypical implementation of the resulting security analysis tool and demonstrates how it can be used for an experimental evaluation of a system’s resilience against various adversaries.
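To make the combination of attack graph and discrete-event simulation concrete, the following is an added toy illustration (not the paper's tool, model or code): a hand-built attack graph whose steps require preconditions and an attacker capability, and a scheduler that plays an attacker profile (entry points plus capabilities) through it and reports when, if ever, the goal asset is reached. Step names, capabilities and durations are constructed for the example.

```python
import heapq
import random

# Constructed toy attack graph (not the paper's model): each step lists the
# assets it needs already reached, the capability it requires, the asset it
# grants on success, and a nominal duration in hours (random jitter is added
# in the simulation loop to model variance in skill and luck).
ATTACK_GRAPH = {
    "phish_employee":   {"needs": {"internet"},     "cap": "social",   "grants": "workstation",  "hours": 8},
    "exploit_vpn":      {"needs": {"internet"},     "cap": "exploit",  "grants": "workstation",  "hours": 24},
    "dump_credentials": {"needs": {"workstation"},  "cap": "exploit",  "grants": "domain_creds", "hours": 4},
    "walk_in_usb":      {"needs": {"lobby"},        "cap": "physical", "grants": "workstation",  "hours": 2},
    "access_db":        {"needs": {"domain_creds"}, "cap": "basic",    "grants": "customer_db",  "hours": 1},
}
GOAL = "customer_db"

def simulate(attacker, graph=ATTACK_GRAPH, goal=GOAL, seed=0, horizon=720.0):
    """Discrete-event simulation of one attacker profile against the graph.
    attacker: {"entry": set of assets held at t=0, "caps": set of capabilities}.
    Returns the simulated hour at which the goal asset is reached, or None if
    no feasible step remains or the horizon is exceeded."""
    rng = random.Random(seed)
    reached = set(attacker["entry"])
    started = set()
    events = []                       # min-heap of (completion_time, step_name)
    now = 0.0

    def schedule(now):
        # Start every not-yet-started step whose preconditions and capability are met.
        for name, step in graph.items():
            if name in started or step["cap"] not in attacker["caps"]:
                continue
            if step["needs"] <= reached:
                started.add(name)
                heapq.heappush(events, (now + step["hours"] * rng.uniform(0.5, 1.5), name))

    schedule(now)
    while events:
        now, name = heapq.heappop(events)
        if now > horizon:
            return None
        reached.add(graph[name]["grants"])
        if goal in reached:
            return now
        schedule(now)
    return None
```

Running `simulate` for several profiles (e.g. an external attacker with only social-engineering skills versus one with exploitation skills) shows how the same graph yields different outcomes per adversary, which is the kind of question the simulation approach is meant to answer.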
Notes
A detail of an example graph is included in the Appendix.
Protégé: http://protege.stanford.edu.
JUNG2: http://jung.sourceforge.net.
Acknowledgments
The work presented in this paper was performed in the course of the research project “MOSES3” that is funded by the Austrian Science Fund (FWF) by Grant No. P23122-N23. The research was carried out at Secure Business Austria, a COMET K1 program competence center supported by FFG, the Austrian Research Promotion Agency.
Appendix
See Fig. 7.
Cite this article
Ekelhart, A., Kiesling, E., Grill, B. et al. Integrating attacker behavior in IT security analysis: a discrete-event simulation approach. Inf Technol Manag 16, 221–233 (2015). https://doi.org/10.1007/s10799-015-0232-6