Time-dependent analysis of attacks

Florian Arnold, Holger Hermanns, Reza Pulungan, Mariëlle Stoelinga

    Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

    49 Citations (Scopus)


    The success of a security attack crucially depends on time: the more time available to the attacker, the higher the probability of a successful attack; when given enough time, any system can be compromised. Insight in time-dependent behaviors of attacks and the evolution of the attacker’s success as time progresses is therefore a key for effective countermeasures in securing systems. This paper presents an efficient technique to analyze attack times for an extension of the prominent formalism of attack trees. If each basic attack step, i.e., each leaf in an attack tree, is annotated with a probability distribution of the time needed for this step to be successful, we show how this information can be propagated to an analysis of the entire tree. In this way, we obtain the probability distribution for the entire system to be attacked successfully as time progresses. For our approach to be effective, we take great care to always work with the best possible compression of the representations of the probability distributions arising. This is achieved by an elegant calculus of acyclic phase type distributions, together with an effective compositional compression technique. We demonstrate the effectiveness of this approach on three case studies, exhibiting orders of magnitude of compression.
    Original languageEnglish
    Title of host publicationProceedings of the Third International Conference on Principles and Security of Trust, POST 2014
    Place of PublicationBerlin
    Number of pages21
    ISBN (Print)978-3-642-54791-1
    Publication statusPublished - Apr 2014
    Event3rd International Conference on Principles and Security of Trust, POST 2014 - Grenoble, France
    Duration: 5 Apr 201413 Apr 2014
    Conference number: 3

    Publication series

    NameLecture Notes in Computer Science
    PublisherSpringer Verlag
    ISSN (Print)0302-9743
    ISSN (Electronic)1611-3349


    Conference3rd International Conference on Principles and Security of Trust, POST 2014
    Abbreviated titlePOST


    • phase type
    • EC Grant Agreement nr.: FP7/2007-2013
    • EC Grant Agreement nr.: FP7/295261
    • EC Grant Agreement nr.: FP7/318490
    • IR-91469
    • EWI-24810
    • Security
    • Attack trees
    • METIS-305906
    • EC Grant Agreement nr.: FP7/318003


    Dive into the research topics of 'Time-dependent analysis of attacks'. Together they form a unique fingerprint.

    Cite this