Understanding How Components of Organisations Contribute to Attacks

  • Min Gu
  • Zaruhi Aslanyan
  • Christian W. ProbstEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10014)


Attacks on organisations today explore many different layers, including buildings infrastructure, IT infrastructure, and human factor – the physical, virtual, and social layer. Identifying possible attacks, understanding their impact, and attributing their origin and contributing factors is difficult. Recently, system models have been used for automatically identifying possible attacks on the modelled organisation. The generated attacks consider all three layers, making the contribution of building infrastructure, computer infrastructure, and humans (insiders and outsiders) explicit. However, this contribution is only visible in the attack trees as part of the performed steps; it cannot be mapped back to the model directly since the actions usually involve several elements (attacker and targeted actor or asset). Especially for large attack trees, understanding the relations between several model components quickly results in a large quantity of interrelations, which are hard to grasp. In this work we present several approaches for visualising attributes of attacks such as likelihood of success, impact, and required time or skill level. The resulting visualisations provide a link between attacks on an organisations and the contribution of parts of an organisation to the attack and its impact.


Leaf Node Pareto Frontier Attack Model Attack Tree Graphical Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Min Gu is an Erasmus Mundus student and receives funding from NordSecMob – Master’s Programme in Security and Mobile Computing. Part of the research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007-2013) under grant agreement no. 318003 (TRE\(_\mathrm {S}\)PASS). This publication reflects only the authors’ views and the Union is not liable for any use that may be made of the information contained herein.


  1. 1.
    BBC News: Hack attack causes ‘massive damage’ at steel works (2014). Accessed 15 Oct 2015
  2. 2.
    Schneier, B.: Attack trees: modeling security threats. Dr. Dobb’s J. Softw. Tools 24(12), 21–29 (1999)Google Scholar
  3. 3.
    Kordy, B., Piètre-Cambacédès, L., Schweitzer, P.: Dag-based attack and defense modeling: don’t miss the forest for the attack trees. Comput. Sci. Rev. 13–14, 1–38 (2014)CrossRefzbMATHGoogle Scholar
  4. 4.
    Vigo, R., Nielson, F., Nielson, H.R.: Automated generation of attack trees. In: Proceedings of the 27th Computer Security Foundations Symposium (CSF), pp. 337–350. IEEE (2014)Google Scholar
  5. 5.
    Ivanova, M.G., Probst, C.W., Hansen, R.R., Kammüller, F.: Transforming graphical system models to graphical attack models. In: Mauw, S., Kordy, B., Jajodia, S. (eds.) GraMSec 2015. LNCS, vol. 9390, pp. 82–96. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-29968-6_6 CrossRefGoogle Scholar
  6. 6.
    Ivanova, M.G., Probst, C.W., Hansen, R.R., Kammüller, F.: Attack tree generation by policy invalidation. In: Akram, R.N., Jajodia, S. (eds.) WISTP 2015. LNCS, vol. 9311, pp. 249–259. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-24018-3_16 CrossRefGoogle Scholar
  7. 7.
    The TRE\(_{\rm S}\)PASS Consortium: Project web page. Accessed Apr 2016
  8. 8.
    Kammüller, F., Probst, C.W.: Invalidating policies using structural information. In: 2nd International IEEE Workshop on Research on Insider Threats (WRIT 2013). IEEE Co-located with IEEE CS Security and Privacy 2013 (2013)Google Scholar
  9. 9.
    Kammüller, F., Probst, C.W.: Combining generated data models with formal invalidation for insider threat analysis. In: 3rd International IEEE Workshop on Research on Insider Threats (WRIT 2014). IEEE Co-located with IEEE CS Security and Privacy 2014 (2014)Google Scholar
  10. 10.
    Li, E., Barendse, J., Brodbeck, F., Tanner, A.: From A to Z: developing a visual vocabulary for information security threat visualisation. In: Graphical Models for Security (2016)Google Scholar
  11. 11.
    Probst, C.W., Hansen, R.R.: An extensible analysable system model. Inf. Secur. Techn. Rep. 13(4), 235–246 (2008)CrossRefGoogle Scholar
  12. 12.
    Dimkov, T., Pieters, W., Hartel, P.: Portunes: representing attack scenarios spanning through the physical, digital and social domain. In: Armando, A., Lowe, G. (eds.) ARSPA-WITS 2010. LNCS, vol. 6186, pp. 112–129. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-16074-5_9 CrossRefGoogle Scholar
  13. 13.
    Lenin, A., Willemson, J., Sari, D.P.: Attacker profiling in quantitative security assessment based on attack trees. In: Bernsmed, K., Fischer-Hübner, S. (eds.) NordSec 2014. LNCS, vol. 8788, pp. 199–212. Springer, Heidelberg (2014). doi: 10.1007/978-3-319-11599-3_12 Google Scholar
  14. 14.
    Aslanyan, Z., Nielson, F.: Pareto efficient solutions of attack-defence trees. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 95–114. Springer, Heidelberg (2015). doi: 10.1007/978-3-662-46666-7_6 Google Scholar
  15. 15.
    Probst, C.W., Hansen, R.R.: Reachability-based impact as a measure for insiderness. In: 5th International Workshop on Managing Insider Security Threats (MIST 2013) (2013)Google Scholar
  16. 16.
    Probst, C.W., Willemson, J., Pieters, W.: The attack navigator. In: Mauw, S., Kordy, B., Jajodia, S. (eds.) GraMSec 2015. LNCS, vol. 9390, pp. 1–17. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-29968-6_1 CrossRefGoogle Scholar
  17. 17.
    Pieters, W., Barendse, J., Ford, M., Heath, C.P.R., Probst, C.W., Verbij, R.: The navigation metaphor in security economics. IEEE Secur. Priv. 14(3), 14–21 (2016)CrossRefGoogle Scholar
  18. 18.
    Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Attack-defense trees. J. Log. Comput. 24(1), 55–87 (2014)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.Technical University of DenmarkKongens LyngbyDenmark

Personalised recommendations