The aim of this paper is to develop a general conceptual model of attack progression that can be applied to modeling of computer and communication threat risks. This paper focuses on attacks that aim at overpowering the victim/prey to gain some benefi t. It examines existing models and introduces a new fl ow model to facilitate development of a general model of two-sided combat. The symmetry between the attacker's and defender's fl ow systems of signals, information, plans, decisions, and actions results in a single combat model incorporating the realms of both attacker and defender. Based on this conceptualization, it is possible to characterize the weak points and develop a map of vulnerabilities in the defender's system. Such a methodology of attack modeling provides a base for analysis in the fi elds of threat modeling and secure software development. Finally, this new model is applied to an SQL injection problem in web services to demonstrate implementation of a real system problem.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.