Attack-Defense Trees and Two-Player Binary Zero-Sum Extensive Form Games Are Equivalent

Attack-defense trees are used to describe security weaknesses of a system and possible countermeasures. In this paper, the connection between attack-defense trees and game theory is made explicit. We show that attack-defense trees and binary zero-sum two-player extensive form game have equivalent expressive power when considering satisfiability, in the sense that they can be converted into each other while preserving their outcome and their internal structure

Improving Attack Trees Analysis using Petri Net modeling of Cyber-Attacks

Publisher Copyright: © 2019 IEEE.Cyber security is one general concern to all network-based organizations. In recent years, by significant increasing cyber-attacks in critical infrastructures (CIs) the need of smart prediction, awareness and protection systems is not deniable. The first step for security assessment is on recognizing and analyzing attacks. In this paper, one of the graphical security assessments named Attack Tree (AT) is used to illustrate one kind of cyber-attacks scenario in Industry 4.0 and the system's behavior is analyzed by Petri Nets.authorsversionpublishe

Attack-Graph Threat Modeling Assessment of Ambulatory Medical Devices

The continued integration of technology into all aspects of society stresses the need to identify and understand the risk associated with assimilating new technologies. This necessity is heightened when technology is used for medical purposes like ambulatory devices that monitor a patient’s vital signs. This integration creates environments that are conducive to malicious activities. The potential impact presents new challenges for the medical community. \ \ Hence, this research presents attack graph modeling as a viable solution to identifying vulnerabilities, assessing risk, and forming mitigation strategies to defend ambulatory medical devices from attackers. Common and frequent vulnerabilities and attack strategies related to the various aspects of ambulatory devices, including Bluetooth enabled sensors and Android applications are identified in the literature. Based on this analysis, this research presents an attack graph modeling example on a theoretical device that highlights vulnerabilities and mitigation strategies to consider when designing ambulatory devices with similar components.

A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees

Cyber attacks are becoming increasingly complex, practically sophisticated and organized. Losses due to such attacks are important, varying from the loss of money to business reputation spoilage. Therefore, there is a great need for potential victims of cyber attacks to deploy security solutions that allow the identification and/or prediction of potential cyber attacks, and deploy defenses to face them. In this paper, we propose a framework that incorporates Attack-Defense trees (ADTrees) and Continuous Time Markov Chains (CTMCs) to systematically represent attacks, defenses, and their interaction. This solution allows to perform quantitative security assessment, with an aim to predict and/or identify attacks and find the best and appropriate defenses to reduce the impact of attacks

Managing Security Risks Using Attack-Defense Trees

Nagu mujal valdkondades, kasvab tänapäeval vajadus turvalisuse järele, nii ka ärimaailmas. Käesolev magistritöö üritab seda probleemi lahendada kasutades riskianalüüsi diagrammi mudelit, mida inglise keeles nimetatakse Attack Tree.ISSRM (Information System Security Risk Managment) on mudel, mis käsitleb kõiki olulisi riskianalüüsi aspekte, on lihtsalt arusaadav ja annab olukorrast kiire ülevaate. Laiendustena on olemas mõned sellised riskianalüüsi diagrammid, kuid ükski neist pole võimeline käsitlema kõiki võimalikke ohuolukordi. See paneb diagrammi kasutamisele piirid, kuna ei arvesta võimalikke vastumeetmeid ohtudele, ega ohuallika profiili.Antud magistritöö pakub sellele probleemile kolmeosalist lahendust.1. luua sild riskianalüüsi puu osast, mis käsitleb kaitsetehnikaid (Attack Defence Tree), kuni ISSRM mudelini;2. arvestades minevikus ette tulnud riske, riskifaktorite tõenäolisuse ja nendega seotud kulutuste mõõteparameetrite väljatöötamine;3. tööriista kasutamine, mis on välja töötatud antud riskianalüüsipuu abil.Selliselt loodud sild aitab leida veel avastamata aspekte riskianalüüsi puus. Lisades sellise laienduse, on riskianalüüsi puu täielikum ja muudab ISSRM-i mudeli mitmekülgsemaks. Selleks, et riske paremini analüüsida, on kasulik arvestada ka minevikus ette tulnud ohte ning neid matemaatiliselt uurida tõenäolisuse aspektist, et minimeerida sarnaste ohuolukordade taastekkimise tõenäosust. Magistritöö tegemise käigus välja töötatud tööriist (Aligned Attack-Defense Tree or A-ADTree) on võimekam riski tõenäosusele hinnangu andmisel teistest juba olemasolevatest versioonidest. Antud tööriist annab riskianalüüsi hindajatele rohkem võimalusi võimalike ohuolukordade lahendamiseks ja ennetamiseks. Kuna siin kasutatud modelleerimiskeeled on juba sobitatud ISSRM mudeliga, võimaldab antud töös välja töötatud laiendus luua enam seoseid selle ning teiste modelleerimiskeelte (nt Secure BPMN, Misuse-case diagram, Secure TROPOS, and Mal-Activity diagram) vahel ka tulevikus.Nowadays there is an increasing demand for answering the security needs in systematic ways. The In this thesis, we have addressed risk management using Attack Tree.Information System Security Risk Management (ISSRM) is a model which covers all the important concepts in risk management. Also, attack trees are simple and efficient tools for showing the risks. There are few extensions of attack trees, but none of them covers all risk concepts. The said problem limited the usage of attack tree model since it does not consider important measures such as countermeasures, or threat agent’s profile.The contribution to resolve the problem in this thesis includes three steps. Obtaining an alignment from Attack-Defense trees to ISSRM. Measurement of the metrics of the nodes of tree using historical dataImplementation of a tool based on obtained tree.Using the alignment, we have detected the uncovered concepts in Attack-Defense tree. Then we tried to add these concepts to the current Attack-Defense tree. Therefore, the new Attack-Defense tree (called Aligned Attack-Defense tree or A-ADTree) covers most important concepts of ISSRM. In order to measure the risk, we have proposed a mathematical model to evaluate the probability of the nodes in the tree, based on historical data. Then, implemented tool helps to materialize the effect of threat agent’s profile, and countermeasures on the risks. The result of implemented tool shows, the obtained A-ADTree has more capabilities (in the evaluation of the probability of risk) in comparison to previous versions. This solution is capable of giving more hints for the project managers when they are deciding about possible solutions in industries. Additionally, this alignment helps to obtain another alignment between A-ADTree and the other modeling languages in future, since these modeling languages are already aligned to ISSRM

DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees

This paper presents the current state of the art on attack and defense modeling approaches that are based on directed acyclic graphs (DAGs). DAGs allow for a hierarchical decomposition of complex scenarios into simple, easily understandable and quantifiable actions. Methods based on threat trees and Bayesian networks are two well-known approaches to security modeling. However there exist more than 30 DAG-based methodologies, each having different features and goals. The objective of this survey is to present a complete overview of graphical attack and defense modeling techniques based on DAGs. This consists of summarizing the existing methodologies, comparing their features and proposing a taxonomy of the described formalisms. This article also supports the selection of an adequate modeling technique depending on user requirements