Genetic Approximations for the Failure-Free Security Games
This paper deals with computational aspects of attack trees, more precisely, evaluating the expected adversarial utility in the failure-free game, where the adversary is allowed to re-run failed atomic attacks an unlimited number of times. It has been shown by Buldas and Lenin that exact evaluation of this utility is an NP-complete problem, so a computationally feasible approximation is needed. In this paper we consider a genetic approach for this challenge. Since genetic algorithms depend on a number of non-trivial parameters, we face a multi-objective optimization problem and we consider several heuristic criteria to solve it.
- 1.Vesely, W., Goldberg, F., Roberts, N., Haasl, D.: Fault tree handbook. US Government Printing Office: Systems and Reliability Research, Office of Nuclear Regulatory Research. U.S, Nuclear Regulatory Commission, January 1981Google Scholar
- 2.Weiss, J.D.: A system security engineering process. In: Proceedings of the 14th National Computer Security Conference, pp. 572–581 (1991)Google Scholar
- 3.Schneier, B.: Attack trees: modeling security threats. Dr. Dobb’s J. 24(12), 21–29 (1999)Google Scholar
- 9.Lenin, A., Willemson, J., Sari, D.P.: Attacker profiling in quantitative security assessment based on attack trees. In: Bernsmed, K., Fischer-Hübner, S. (eds.) NordSec 2014. LNCS, vol. 8788, pp. 199–212. Springer, Heidelberg (2014) Google Scholar
- 12.Lenin, A., Buldas, A.: Limiting adversarial budget in quantitative security assessment. In: Poovendran, R., Saad, W. (eds.) GameSec 2014. LNCS, vol. 8840, pp. 155–174. Springer, Heidelberg (2014) Google Scholar