Optimal Adversary Behavior for the Serial Model of Financial Attack Trees

Attack tree analysis is used to estimate different parameters of general security threats based on information available for atomic sub-threats. We focus on estimating the expected gains of an adversary based on both the cost and likelihood of the sub-threats. Such a multi-parameter analysis is considerably more complicated than separate probability or skill level estimation, requiring exponential time in general. However, this paper shows that under reasonable assumptions a completely different type of optimal substructure exists, which can be harnessed into a linear-time algorithm for optimal gains estimation. More concretely, we use a decision-theoretic framework in which a rational adversary sequentially considers and performs the available attacks. The assumption of rationality serves as an upper bound, as any irrational behavior will only hurt the adversary's own end result. We show that if the attacker considers the attacks in a goal-oriented way, his optimal expected gains can be computed in linear time. Our model places the fewest restrictions on adversarial behavior of all known attack tree models that analyze the economic viability of an attack and, as such, provides the best efficiently computable estimate of the potential reward.
