Skip to main content

Cyber security analysis using attack countermeasure trees

Publication ,  Journal Article
Roy, A; Kim, DS; Trivedi, KS
Published in: ACM International Conference Proceeding Series
November 22, 2010

Attack tree (AT) is one of the widely used combinatorial models in cyber security analysis. The basic formalism of AT does not take into account defense mechanisms. Defense trees (DT) have been developed to investigate the effect of defense mechanisms using measures such as attacker's cost and security cost, return on investment (ROI) and return on attack (ROA). DT, however, places defense mechanisms only at the leaf node level while the corresponding ROI/ROA analysis does not incorporate the probability of attack. In attack response tree (ART), attacker-defender game was used to fin optimal policy from the countermeasures' pool and it suffers from the problem of state-space explosion, since solution in ART is resolved by means of a partially observable stochastic game model. In this paper, we present a novel attack tree named attack countermeasure trees (ACT) in which (i) defense mechanisms can be applied at any node of the tree, not just at leaf node level, (ii) qualitative analysis (using mincuts, structural and Birnbaum importance measure) and probabilistic analysis (using attacker and security cost, system risk, impact of an attack, ROI and ROA) can be performed (iii) optimal countermeasure set can be selected from the pool of defense mechanisms without constructing a state-space model. We use single and multi-objective optimization to fin suitable countermeasures under different constraints. We illustrate the features of ACT using a practical case study (SCADA attack). © 2010 ACM.

Duke Scholars

Published In

ACM International Conference Proceeding Series

DOI

Publication Date

November 22, 2010
 

Citation

APA
Chicago
ICMJE
MLA
NLM
Roy, A., Kim, D. S., & Trivedi, K. S. (2010). Cyber security analysis using attack countermeasure trees. ACM International Conference Proceeding Series. https://doi.org/10.1145/1852666.1852698
Roy, A., D. S. Kim, and K. S. Trivedi. “Cyber security analysis using attack countermeasure trees.” ACM International Conference Proceeding Series, November 22, 2010. https://doi.org/10.1145/1852666.1852698.
Roy A, Kim DS, Trivedi KS. Cyber security analysis using attack countermeasure trees. ACM International Conference Proceeding Series. 2010 Nov 22;
Roy, A., et al. “Cyber security analysis using attack countermeasure trees.” ACM International Conference Proceeding Series, Nov. 2010. Scopus, doi:10.1145/1852666.1852698.
Roy A, Kim DS, Trivedi KS. Cyber security analysis using attack countermeasure trees. ACM International Conference Proceeding Series. 2010 Nov 22;

Published In

ACM International Conference Proceeding Series

DOI

Publication Date

November 22, 2010