Processing multi-parameter attacktrees with estimated parameter values

Authors:
Aivo Jürgenson;Jan Willemson
Affiliations:
Tallinn University of Technology, Tallinn, Estonia and Elion Enterprises Ltd., Tallinn, Estonia;Tartu University, Institute of Computer Science, Tartu, Estonia and Cybernetica, Tartu, Estonia
Venue:
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Year:
2007

Citing 12
Cited 6

Propagating imprecise probabilities in Bayesian networks

Artificial Intelligence
Fighting computer crime: a new framework for protecting information

Fighting computer crime: a new framework for protecting information
Secrets & Lies: Digital Security in a Networked World

Secrets & Lies: Digital Security in a Networked World
Two Formal Analys s of Attack Graphs

CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Automated Generation and Analysis of Attack Graphs

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Why the Future Belongs to the Quants

IEEE Security and Privacy
Attack Plan Recognition and Prediction Using Causal Networks

ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
A Junction Tree Propagation Algorithm for Bayesian Networks with Second-Order Uncertainties

ICTAI '06 Proceedings of the 18th IEEE International Conference on Tools with Artificial Intelligence
Building Secure Software: How to Avoid Security Problems the Right Way (paperback) (Addison-Wesley Professional Computing Series)

Building Secure Software: How to Avoid Security Problems the Right Way (paperback) (Addison-Wesley Professional Computing Series)
Modelling and analysing network security policies in a given vulnerability setting

CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Rational choice of security measures via multi-parameter attack trees

CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Foundations of attack trees

ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology

Computing Exact Outcomes of Multi-parameter Attack Trees

OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Quantified security is a weak hypothesis: a critical survey of results and assumptions

NSPW '09 Proceedings of the 2009 workshop on New security paradigms workshop
Serial model for attack tree computations

ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Optimal adversary behavior for the serial model of financial attack trees

IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Technical Communication: Attribution of attack trees

Computers and Electrical Engineering
On fast and approximate attack tree computations

ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience

Quantified Score

Hi-index	0.00

Visualization

Abstract

Authors extend the multi-parameter attacktree model to include inaccurate or estimated parameter values, which are modelled as probabilistic interval estimations. The paper develops mathematical tools to extend the computation rules of the attacktree model to work with interval estimations instead of point estimates. We present a sample computation routine and discuss how to interpret the analysis results and how to choose the optimal or an economically justified security level.