Quantitative Attack Tree Analysis: Stochastic Bounds and Numerical Analysis
This paper presents an efficient numerical analysis of the time dependence of the attacker’s success in an attack tree. The leaves of the attack tree associated with the basic attack steps are annotated with finite discrete probability distributions. By a bottom-up approach, the output distributions of the gates, and finally the output distribution at the root of the attack tree is computed. The algorithmic complexities of the gate functions depend on the number of bins of the input distributions. Since the number of bins may increase rapidly due to the successive applications of the gate function, we aim to control the sizes of the input distributions. By using the stochastic ordering and the stochastic monotonicity, we analyze the underlying attack tree by constructing the reduced-size upper and lower distributions. Thus at the root of the attack tree, we compute the bounding distributions of the time when the system would be compromised. The main advantage of this approach is the possibility to have a tradeoff between the accuracy of the bounds and the algorithmic complexity. For a given time t, we can compute the bounds on the probability for the attacker’s success at time t. The time-dependent behavior of attacks is important to have insights on the security of the system and to develop effective countermeasures.
KeywordsAttack tree Discrete probability distribution Stochastic bounds
- 4.Jhawar, R., Kordy, B., Mauw, S., Radomirović, S., Trujillo-Rasua, R.: Attack trees with sequential conjunction. In: Federrath, H., Gollmann, D., Chakravarthy, S.R. (eds.) SEC 2015. IFIP AICT, vol. 455, pp. 339–353. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-18467-8_23 CrossRefGoogle Scholar
- 7.Nielsen, J.R.: Evaluating information assurance control effectiveness on an air force supervisory control and data. Master’s thesis, Air Force Institute of Technology (2011)Google Scholar
- 10.Schneier, B.: Attack trees: modeling security threats. Dr. Dobbs J. Softw. Tools 24(12), 21–29 (1999)Google Scholar
- 11.Siwar Kriaa, L.P., Bouissou, M.: Modeling the stuxnet attack with BDMP: towards more formal risk assessments. In: 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS), Cork, Ireland, 10–12 October 2012, pp. 1–8. IEEE (2012)Google Scholar