Abstract
Cyber attacks are becoming increasingly complex, sophisticated, and organized. Losses due to such attacks are significant, ranging from loss of money to damage to business reputation. Potential victims of cyber attacks therefore have a great need to deploy security solutions that identify and/or predict potential cyber attacks, and to deploy defenses against them. In this paper, we propose a framework that incorporates Attack-Defense trees (ADTrees) and Continuous Time Markov Chains (CTMCs) to systematically represent attacks, defenses, and their interaction. The framework supports quantitative security assessment, with the aim of predicting and/or identifying attacks and finding the most appropriate defenses to reduce the impact of attacks.
The research leading to the results presented in this work received funding from the European Commission’s Seventh Framework Programme (FP7/2007–2013) under grant agreement number 318003 (TREsPASS) and Fonds National de la Recherche Luxembourg under the grant C13/IS/5809105 (ADT2P).
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Jhawar, R., Lounis, K., Mauw, S. (2016). A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees. In: Barthe, G., Markatos, E., Samarati, P. (eds) Security and Trust Management. STM 2016. Lecture Notes in Computer Science, vol 9871. Springer, Cham. https://doi.org/10.1007/978-3-319-46598-2_10
DOI: https://doi.org/10.1007/978-3-319-46598-2_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46597-5
Online ISBN: 978-3-319-46598-2
eBook Packages: Computer Science, Computer Science (R0)