Cost-damage analysis of attack trees

Milan Lopuhaä-Zwakenberg; Mariëlle Stoelinga

doi:10.1109/DSN58367.2023.00057

Cost-damage analysis of attack trees

Milan Lopuhaä-Zwakenberg^*
, Mariëlle Stoelinga

^*Corresponding author for this work

Formal Methods and Tools

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

2 Citations (Scopus)

108 Downloads (Pure)

Abstract

Attack trees (ATs) are a widely deployed modelling technique to categorize potential attacks on a system. An attacker of such a system aims at doing as much damage as possible, but might be limited by a cost budget. The maximum possible damage for a given cost budget is an important security metric of a system. In this paper, we find the maximum damage given a cost budget by modelling this problem with ATs, both in deterministic and probabilistic settings. We show that the general problem is NP-complete, and provide heuristics to solve it. For general ATs these are based on integer linear programming. However when the AT is tree-structured, then one can instead use a faster bottom-up approach. We also extend these methods to other problems related to the cost-damage tradeoff, such as the cost-damage Pareto front.

Original language	English
Title of host publication	2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Publisher	IEEE
Pages	545-558
Number of pages	14
ISBN (Print)	979-8-3503-4793-7
DOIs	https://doi.org/10.1109/DSN58367.2023.00057
Publication status	Published - 2023
Event	53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023 - Porto, Portugal Duration: 27 Jun 2023 → 30 Jun 2023 Conference number: 53

Conference

Conference	53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023
Abbreviated title	DSN 2023
Country/Territory	Portugal
City	Porto
Period	27/06/23 → 30/06/23

Access to Document

10.1109/DSN58367.2023.00057

ArticleSubmitted version, 822 KB

Code and data used in the experiment section of the publication: Cost-damage analysis of attack trees
Lopuhaä-Zwakenberg, M. (Creator), 4TU.Centre for Research Data, 5 Apr 2023
DOI: 10.4121/afd36f9c-4e84-4420-80f4-66ca02b217bb, https://data.4tu.nl/datasets/afd36f9c-4e84-4420-80f4-66ca02b217bb and 2 more links, https://data.4tu.nl/datasets/afd36f9c-4e84-4420-80f4-66ca02b217bb/1, https://doi.org/10.4121/afd36f9c-4e84-4420-80f4-66ca02b217bb.v1 (show fewer)
Dataset

Cite this

@inproceedings{88c63fb54d3a439b86a8c991303e27dd,

title = "Cost-damage analysis of attack trees",

abstract = "Attack trees (ATs) are a widely deployed modelling technique to categorize potential attacks on a system. An attacker of such a system aims at doing as much damage as possible, but might be limited by a cost budget. The maximum possible damage for a given cost budget is an important security metric of a system. In this paper, we find the maximum damage given a cost budget by modelling this problem with ATs, both in deterministic and probabilistic settings. We show that the general problem is NP-complete, and provide heuristics to solve it. For general ATs these are based on integer linear programming. However when the AT is tree-structured, then one can instead use a faster bottom-up approach. We also extend these methods to other problems related to the cost-damage tradeoff, such as the cost-damage Pareto front.",

author = "Milan Lopuha{\"a}-Zwakenberg and Mari{\"e}lle Stoelinga",

year = "2023",

doi = "10.1109/DSN58367.2023.00057",

language = "English",

isbn = "979-8-3503-4793-7",

pages = "545--558",

booktitle = "2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)",

publisher = "IEEE",

address = "United States",

note = "53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023, DSN 2023 ; Conference date: 27-06-2023 Through 30-06-2023",

}

TY - GEN

T1 - Cost-damage analysis of attack trees

AU - Lopuhaä-Zwakenberg, Milan

AU - Stoelinga, Mariëlle

N1 - Conference code: 53

PY - 2023

Y1 - 2023

N2 - Attack trees (ATs) are a widely deployed modelling technique to categorize potential attacks on a system. An attacker of such a system aims at doing as much damage as possible, but might be limited by a cost budget. The maximum possible damage for a given cost budget is an important security metric of a system. In this paper, we find the maximum damage given a cost budget by modelling this problem with ATs, both in deterministic and probabilistic settings. We show that the general problem is NP-complete, and provide heuristics to solve it. For general ATs these are based on integer linear programming. However when the AT is tree-structured, then one can instead use a faster bottom-up approach. We also extend these methods to other problems related to the cost-damage tradeoff, such as the cost-damage Pareto front.

AB - Attack trees (ATs) are a widely deployed modelling technique to categorize potential attacks on a system. An attacker of such a system aims at doing as much damage as possible, but might be limited by a cost budget. The maximum possible damage for a given cost budget is an important security metric of a system. In this paper, we find the maximum damage given a cost budget by modelling this problem with ATs, both in deterministic and probabilistic settings. We show that the general problem is NP-complete, and provide heuristics to solve it. For general ATs these are based on integer linear programming. However when the AT is tree-structured, then one can instead use a faster bottom-up approach. We also extend these methods to other problems related to the cost-damage tradeoff, such as the cost-damage Pareto front.

U2 - 10.1109/DSN58367.2023.00057

DO - 10.1109/DSN58367.2023.00057

M3 - Conference contribution

SN - 979-8-3503-4793-7

SP - 545

EP - 558

BT - 2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)

PB - IEEE

T2 - 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023

Y2 - 27 June 2023 through 30 June 2023

ER -

Cost-damage analysis of attack trees

Abstract

Conference

Access to Document

Fingerprint

Datasets

Code and data used in the experiment section of the publication: Cost-damage analysis of attack trees

Cite this