Technical Communication: Attribution of attack trees

Authors:
John N. Whitley;Raphael C. -W. Phan;Jie Wang;David J. Parish
Affiliations:
High Speed Networks Research Group, Department of Electronic and Electrical Engineering, Faculty of Engineering, Loughborough University, Leicestershire LE11 3TU, United Kingdom;High Speed Networks Research Group, Department of Electronic and Electrical Engineering, Faculty of Engineering, Loughborough University, Leicestershire LE11 3TU, United Kingdom;High Speed Networks Research Group, Department of Electronic and Electrical Engineering, Faculty of Engineering, Loughborough University, Leicestershire LE11 3TU, United Kingdom;High Speed Networks Research Group, Department of Electronic and Electrical Engineering, Faculty of Engineering, Loughborough University, Leicestershire LE11 3TU, United Kingdom
Venue:
Computers and Electrical Engineering
Year:
2011

Citing 12
Cited 1

Defense trees for economic evaluation of security investments

ARES '06 Proceedings of the First International Conference on Availability, Reliability and Security
Optimal security hardening using multi-objective optimization on attack tree models of networks

Proceedings of the 14th ACM conference on Computer and communications security
Distributed Divide-and-Conquer Techniques for Effective DDoS Attack Defenses

ICDCS '08 Proceedings of the 2008 The 28th International Conference on Distributed Computing Systems
Design and Application of Penetration Attack Tree Model Oriented to Attack Resistance Test

CSSE '08 Proceedings of the 2008 International Conference on Computer Science and Software Engineering - Volume 03
Computing Exact Outcomes of Multi-parameter Attack Trees

OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Security Protocol Testing Using Attack Trees

CSE '09 Proceedings of the 2009 International Conference on Computational Science and Engineering - Volume 02
Processing multi-parameter attacktrees with estimated parameter values

IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Serial model for attack tree computations

ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Foundations of attack-defense trees

FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Rational choice of security measures via multi-parameter attack trees

CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
OWA trees and their role in security modeling using attack trees

Information Sciences: an International Journal
Foundations of attack trees

ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology

Survey and analysis on Security Requirements Engineering

Computers and Electrical Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

An attack tree is a useful analytical technique to model security threats and/or risks, and hence model attacks as actual realizations of the former. Research on attack trees have focused either on applying such trees to model various ranges of security systems, or on advancements to this technique in itself. In this paper, we revisit the notion of attack tree attribution, i.e. how explicit attribute values of child nodes are aggregated to form the attribute of the parent node, and propose a novel attribution approach. We then show using this approach within the context of analyzing the weakest links of security systems, how the weakest link may not necessarily always be so, but instead it depends on the existence of other stronger links within the system.