A pragmatic method for integrated modeling of security attacks and countermeasures
Pudar, Srdjan (2007) A pragmatic method for integrated modeling of security attacks and countermeasures. Masters thesis, Iowa State University.
Full text available as:
In recent years, research efforts in cyber security have steadily increased as a result of growing concerns for cyber attacks and also increasing trend in cyber attack incidents. One of the important areas of research that is gaining importance is modeling of attacks and countermeasures to quantify survivability and other security measures of interest. In this context, on one extreme, attack trees model has received attention due to its simplicity and ease of analysis, and on the other extreme, stochastic models have been advocated. While attack trees model does not capture complex dependencies among events and also is not amenable for modeling dynamic nature of the attacks and countermeasures, the fitness of stochastic models is yet to be established as there is not sufficient evidence to show that attack and defense behaviors follow some known distributions. With this motivation, a new attack modeling approach based on Petri nets, called PENET, is developed in this thesis whose goal is to significantly enhance the modeling power of attack trees. PENET introduces relevant concepts such as dynamic nature of attack, repairability of a system, and the existence of recurring attacks. Moreover, it attempts to find a balance between ease of use and representation power by providing set of constructs, parameters, performance metrics, and time domain analysis of attack progress. Time domain analysis produces valuable output such as “time to reach the main goal” and the “path taken” by the attacker. This output helps to evaluate system survivability and defense strategies. This approach is implemented as a software tool, called PENET Tool, which lets users draw model diagrams of a given system through intuitive user interface, perform time domain simulations and carry out security evaluations, and enable interactive ways to improve the survivability of the system.
Archive Staff Only: edit this record