Cyber security analysis using attack countermeasure trees
Attack tree (AT) is one of the widely used combinatorial models in cyber security analysis. The basic formalism of AT does not take into account defense mechanisms. Defense trees (DT) have been developed to investigate the effect of defense mechanisms using measures such as attacker's cost and security cost, return on investment (ROI) and return on attack (ROA). DT, however, places defense mechanisms only at the leaf node level while the corresponding ROI/ROA analysis does not incorporate the probability of attack. In attack response tree (ART), attacker-defender game was used to fin optimal policy from the countermeasures' pool and it suffers from the problem of state-space explosion, since solution in ART is resolved by means of a partially observable stochastic game model. In this paper, we present a novel attack tree named attack countermeasure trees (ACT) in which (i) defense mechanisms can be applied at any node of the tree, not just at leaf node level, (ii) qualitative analysis (using mincuts, structural and Birnbaum importance measure) and probabilistic analysis (using attacker and security cost, system risk, impact of an attack, ROI and ROA) can be performed (iii) optimal countermeasure set can be selected from the pool of defense mechanisms without constructing a state-space model. We use single and multi-objective optimization to fin suitable countermeasures under different constraints. We illustrate the features of ACT using a practical case study (SCADA attack). © 2010 ACM.