Attack Countermeasure Trees: A Non-state-space Approach Towards Analyzing Security and Finding Optimal Countermeasure Set
Attack tree (AT) is one of the widely used non-statespace
models in security analysis. The basic formalism of AT
does not take into account defense mechanisms. Defense trees
(DTs) have been developed to investigate the effect of defense
mechanisms usinghg measures such as attack cost, security
investment cost, return on attack (ROA) and return on investment
(ROI). DT, however, places defense mechanisms only at the
leaf nodes and the corresponding ROI/ROA analysis does not
incorporate the probabilities of attack. In attack response tree
(ART), attack and response are both captured but ART suffers
from the problem of state-space explosion, since solution of
ART is obtained by means of a state space model. In this
paper, we present a novel attack tree paradigm called attack
countermeasure tree (ACT) which avoids the generation and
solution of the state-space model and takes into account attacks as
well as countermeasures (in the form of detection and mitigation
events). In ACT, detection and mitigation are allowed not just at
the leaf node but also at the intermediate nodes while at the same
time the state-space explosion problem is avoided in its analysis.
We use single and multiobjective optimization to find optimal
countermeasures under different constraints. We illustrate the
features of ACT using several case studies.
Computer Engineering
Computer Science
attack countermeasure trees
mincuts
non-state-space model
optimization
return on investment

This work is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.
Rights for Collection: Masters Theses
Works are deposited here by their authors, and represent their research and opinions, not that of Duke University. Some materials and descriptions may include offensive content. More info