A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees

Ravi Jhawar; Karim Lounis; Sjouke Mauw

doi:10.1007/978-3-319-46598-2_10

A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees

Ravi Jhawar, Karim Lounis^*, Sjouke Mauw

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

9 Citations (Scopus)

Abstract

Cyber attacks are becoming increasingly complex, practically sophisticated and organized. Losses due to such attacks are important, varying from the loss of money to business reputation spoilage. Therefore, there is a great need for potential victims of cyber attacks to deploy security solutions that allow the identification and/or prediction of potential cyber attacks, and deploy defenses to face them. In this paper, we propose a framework that incorporates Attack-Defense trees (ADTrees) and Continuous Time Markov Chains (CTMCs) to systematically represent attacks, defenses, and their interaction. This solution allows to perform quantitative security assessment, with an aim to predict and/or identify attacks and find the best and appropriate defenses to reduce the impact of attacks.

Original language	English
Title of host publication	12th International Workshop on Security and Trust Management, STM 2016
Editors	Gilles Barthe, Evangelos Markatos, Pierangela Samarati
Place of Publication	Cham
Publisher	Springer
Pages	138-153
Number of pages	16
ISBN (Electronic)	978-3-319-46598-2
ISBN (Print)	978-3-319-46597-5
DOIs	https://doi.org/10.1007/978-3-319-46598-2_10
Publication status	Published - 17 Sep 2016
Event	12th International Workshop on Security and Trust Management, STM 2016 - Heraklion, Crete, Greece Duration: 17 Sep 2016 → …

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer International Publishing
Volume	9871
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	12th International Workshop on Security and Trust Management, STM 2016
City	Heraklion, Crete, Greece
Period	17/09/16 → …

Keywords

EC Grant Agreement nr.: FP7/2007-2013
EC Grant Agreement nr.: FP7/318003
Attack-Defense Trees
Markov chains
Security modeling
Quantitative analysis

Access to Document

10.1007/978-3-319-46598-2_10

Fingerprint Dive into the research topics of 'A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees'. Together they form a unique fingerprint.

Cite this

@inproceedings{a3e36583f6eb42298098bea49a1e25ca,

title = "A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees",

abstract = "Cyber attacks are becoming increasingly complex, practically sophisticated and organized. Losses due to such attacks are important, varying from the loss of money to business reputation spoilage. Therefore, there is a great need for potential victims of cyber attacks to deploy security solutions that allow the identification and/or prediction of potential cyber attacks, and deploy defenses to face them. In this paper, we propose a framework that incorporates Attack-Defense trees (ADTrees) and Continuous Time Markov Chains (CTMCs) to systematically represent attacks, defenses, and their interaction. This solution allows to perform quantitative security assessment, with an aim to predict and/or identify attacks and find the best and appropriate defenses to reduce the impact of attacks.",

keywords = "EC Grant Agreement nr.: FP7/2007-2013, EC Grant Agreement nr.: FP7/318003, Attack-Defense Trees, Markov chains, Security modeling, Quantitative analysis",

author = "Ravi Jhawar and Karim Lounis and Sjouke Mauw",

year = "2016",

month = sep,

day = "17",

doi = "10.1007/978-3-319-46598-2_10",

language = "English",

isbn = "978-3-319-46597-5",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "138--153",

editor = "Gilles Barthe and Evangelos Markatos and Pierangela Samarati",

booktitle = "12th International Workshop on Security and Trust Management, STM 2016",

note = "12th International Workshop on Security and Trust Management, STM 2016 ; Conference date: 17-09-2016",

}

Jhawar, R, Lounis, K & Mauw, S 2016, A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees. in G Barthe, E Markatos & P Samarati (eds), 12th International Workshop on Security and Trust Management, STM 2016. Lecture Notes in Computer Science, vol. 9871, Springer, Cham, pp. 138-153, 12th International Workshop on Security and Trust Management, STM 2016, Heraklion, Crete, Greece, 17/09/16. https://doi.org/10.1007/978-3-319-46598-2_10

A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees. / Jhawar, Ravi; Lounis, Karim; Mauw, Sjouke.

12th International Workshop on Security and Trust Management, STM 2016. ed. / Gilles Barthe; Evangelos Markatos; Pierangela Samarati. Cham : Springer, 2016. p. 138-153 (Lecture Notes in Computer Science; Vol. 9871).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - A Stochastic Framework for Quantitative Analysis of Attack-Defense Trees

AU - Jhawar, Ravi

AU - Lounis, Karim

AU - Mauw, Sjouke

PY - 2016/9/17

Y1 - 2016/9/17

N2 - Cyber attacks are becoming increasingly complex, practically sophisticated and organized. Losses due to such attacks are important, varying from the loss of money to business reputation spoilage. Therefore, there is a great need for potential victims of cyber attacks to deploy security solutions that allow the identification and/or prediction of potential cyber attacks, and deploy defenses to face them. In this paper, we propose a framework that incorporates Attack-Defense trees (ADTrees) and Continuous Time Markov Chains (CTMCs) to systematically represent attacks, defenses, and their interaction. This solution allows to perform quantitative security assessment, with an aim to predict and/or identify attacks and find the best and appropriate defenses to reduce the impact of attacks.

AB - Cyber attacks are becoming increasingly complex, practically sophisticated and organized. Losses due to such attacks are important, varying from the loss of money to business reputation spoilage. Therefore, there is a great need for potential victims of cyber attacks to deploy security solutions that allow the identification and/or prediction of potential cyber attacks, and deploy defenses to face them. In this paper, we propose a framework that incorporates Attack-Defense trees (ADTrees) and Continuous Time Markov Chains (CTMCs) to systematically represent attacks, defenses, and their interaction. This solution allows to perform quantitative security assessment, with an aim to predict and/or identify attacks and find the best and appropriate defenses to reduce the impact of attacks.

KW - EC Grant Agreement nr.: FP7/2007-2013

KW - EC Grant Agreement nr.: FP7/318003

KW - Attack-Defense Trees

KW - Markov chains

KW - Security modeling

KW - Quantitative analysis

U2 - 10.1007/978-3-319-46598-2_10

DO - 10.1007/978-3-319-46598-2_10

M3 - Conference contribution

SN - 978-3-319-46597-5

T3 - Lecture Notes in Computer Science

SP - 138

EP - 153

BT - 12th International Workshop on Security and Trust Management, STM 2016

A2 - Barthe, Gilles

A2 - Markatos, Evangelos

A2 - Samarati, Pierangela

PB - Springer

CY - Cham

T2 - 12th International Workshop on Security and Trust Management, STM 2016

Y2 - 17 September 2016

ER -