International Conference on Decision and Game Theory for Security

Decision and Game Theory for Security pp 311-321 | Cite as

Genetic Approximations for the Failure-Free Security Games

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9406)


This paper deals with computational aspects of attack trees, more precisely, evaluating the expected adversarial utility in the failure-free game, where the adversary is allowed to re-run failed atomic attacks an unlimited number of times. It has been shown by Buldas and Lenin that exact evaluation of this utility is an NP-complete problem, so a computationally feasible approximation is needed. In this paper we consider a genetic approach for this challenge. Since genetic algorithms depend on a number of non-trivial parameters, we face a multi-objective optimization problem and we consider several heuristic criteria to solve it.


  1. 1.
    Vesely, W., Goldberg, F., Roberts, N., Haasl, D.: Fault tree handbook. US Government Printing Office: Systems and Reliability Research, Office of Nuclear Regulatory Research. U.S, Nuclear Regulatory Commission, January 1981Google Scholar
  2. 2.
    Weiss, J.D.: A system security engineering process. In: Proceedings of the 14th National Computer Security Conference, pp. 572–581 (1991)Google Scholar
  3. 3.
    Schneier, B.: Attack trees: modeling security threats. Dr. Dobb’s J. 24(12), 21–29 (1999)Google Scholar
  4. 4.
    Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Kim, S., Won, D.H. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  5. 5.
    Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational choice of security measures via multi-parameter attack trees. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235–248. Springer, Heidelberg (2006) CrossRefGoogle Scholar
  6. 6.
    Jürgenson, A., Willemson, J.: Serial model for attack tree computations. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 118–128. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  7. 7.
    Jürgenson, A., Willemson, J.: Computing exact outcomes of multi-parameter attack trees. In: Meersman, R., Tari, Z. (eds.) OTM 2008, Part II. LNCS, vol. 5332, pp. 1036–1051. Springer, Heidelberg (2008) CrossRefGoogle Scholar
  8. 8.
    Jürgenson, A., Willemson, J.: On fast and approximate attack tree computations. In: Wang, G., Deng, R.H., Won, Y., Kwak, J. (eds.) ISPEC 2010. LNCS, vol. 6047, pp. 56–66. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  9. 9.
    Lenin, A., Willemson, J., Sari, D.P.: Attacker profiling in quantitative security assessment based on attack trees. In: Bernsmed, K., Fischer-Hübner, S. (eds.) NordSec 2014. LNCS, vol. 8788, pp. 199–212. Springer, Heidelberg (2014) Google Scholar
  10. 10.
    Buldas, A., Stepanenko, R.: Upper bounds for adversaries’ utility in attack trees. In: Walrand, J., Grossklags, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 98–117. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  11. 11.
    Buldas, A., Lenin, A.: New efficient utility upper bounds for the fully adaptive model of attack trees. In: Das, S.K., Nita-Rotaru, C., Kantarcioglu, M. (eds.) GameSec 2013. LNCS, vol. 8252, pp. 192–205. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  12. 12.
    Lenin, A., Buldas, A.: Limiting adversarial budget in quantitative security assessment. In: Poovendran, R., Saad, W. (eds.) GameSec 2014. LNCS, vol. 8840, pp. 155–174. Springer, Heidelberg (2014) Google Scholar
  13. 13.
    Srinivas, M., Patnaik, L.M.: Adaptive probabilities of crossover and mutation in genetic algorithms. IEEE Trans. Syst. Man Cybern. 24(4), 656–667 (1994)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Aleksandr Lenin
    • 1
    • 2
  • Jan Willemson
    • 1
  • Anton Charnamord
    • 1
    • 2
  1. 1.Cybernetica ASTallinnEstonia
  2. 2.Tallinn University of TechnologyTallinnEstonia

Personalised recommendations