Modeling Attack, Defense and Threat Trees and the Cyber Kill Chain, ATT&CK and STRIDE Frameworks as Blackboard Architecture Networks

Multiple techniques for modeling cybersecurity attacks and defense have been developed. The use of tree-structures, as well as techniques proposed by several firms (such as Lockheed Martin’s Cyber Kill Chain, Microsoft’s STRIDE and the MITRE ATT&CK frameworks), have all been demonstrated. These approaches model, at different levels of detail, the actions that can be taken to attack infrastructure and other resources, or that can be stopped to secure them. This paper builds on prior work on using the Blackboard Architecture for cyberwarfare and proposes a generalized solution for modeling framework/paradigm-based attacks that go beyond the deployment of a single exploit against a single identified target. The Blackboard Architecture Cyber Command Entity attack Route (BACCER) identification system combines rules and facts that implement attack type determination and attack decision making logic with actions that implement reconnaissance techniques and attack and defense actions. BACCER’s efficacy in modeling examples of tree-structures and other models is demonstrated herein.
