Unified Parametrizable Attack Tree

Network attacks occur in high proportion on the internet, thus aside from security as a means of defense there is a need for being able to detect attacks as they occur so that measures can be put in place to tackle them. In this paper, we focus on attack trees as a tool to model attacks thereby facilitating attack detection. More precisely, we present a unified parametrizable attack tree; this can be applied for intrusion detection and can be instantiated to produce particular types of attack trees in literature.

[1]  Markus Schumacher,et al.  Collaborative attack modeling , 2002, SAC '02.

[2]  Richard F. Paige,et al.  Fault trees for security system design and analysis , 2003, Comput. Secur..

[3]  Sjouke Mauw,et al.  Foundations of Attack Trees , 2005, ICISC.

[4]  Jan Willemson,et al.  Rational Choice of Security Measures Via Multi-parameter Attack Trees , 2006, CRITIS.

[5]  Stefano Bistarelli,et al.  Defense trees for economic evaluation of security investments , 2006, First International Conference on Availability, Reliability and Security (ARES'06).

[6]  Shufen Liu,et al.  A Prediction Model of Insider Threat Based on Multi-agent , 2006, 2006 First International Symposium on Pervasive Computing and Applications.

[7]  Ronald R. Yager OWA trees and their role in security modeling using attack trees , 2006, Inf. Sci..

[8]  Jan Willemson,et al.  Processing Multi-parameter Attacktrees with Estimated Parameter Values , 2007, IWSEC.

[9]  Bülent Yener,et al.  Modeling and detection of complex attacks , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[10]  Indrajit Ray,et al.  Investigating Computer Attacks Using Attack Trees , 2007, IFIP Int. Conf. Digital Forensics.

[11]  Indrajit Ray,et al.  Optimal security hardening using multi-objective optimization on attack tree models of networks , 2007, CCS '07.

[12]  Michael R. Grimaila,et al.  The Use of Attack and Protection Trees to Analyze Security for an Online Banking System , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[13]  Sabrina Sicari,et al.  Risk assessment in practice: A real case study , 2008, Comput. Commun..

[14]  Robert J. Ellison,et al.  Attack Trees , 2009, Encyclopedia of Biometrics.

[15]  Parvaiz Ahmed Khand System level security modeling using attack trees , 2009, 2009 2nd International Conference on Computer, Control and Communication.

[16]  Jan Willemson,et al.  Serial Model for Attack Tree Computations , 2009, ICISC.

[17]  Raphael C.-W. Phan,et al.  Quality of detectability (QoD) and QoD-aware AAT-based attack detection , 2010, 2010 International Conference for Internet Technology and Secured Transactions.

[18]  Barbara Kordy,et al.  Foundations of Attack-Defense Trees , 2010, Formal Aspects in Security and Trust.

[19]  Raphael C.-W. Phan,et al.  Augmented Attack Tree Modeling of Distributed Denial of Services and Tree Based Attack Detection Method , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[20]  Dong Seong Kim,et al.  Cyber security analysis using attack countermeasure trees , 2010, CSIIRW '10.

[21]  Inger Anne Tøndel,et al.  Combining Misuse Cases with Attack Trees and Security Activity Models , 2010, 2010 International Conference on Availability, Reliability and Security.

[22]  Raphael C.-W. Phan,et al.  Augmented attack tree modeling of SQL injection attacks , 2010, 2010 2nd IEEE International Conference on Information Management and Engineering.