Using Attack Trees to Identify Malicious Attacks from Authorized Insiders

Ray, Indrajit; Poolsapassit, Nayot

doi:10.1007/11555827_14

Cited by 108 publications

(62 citation statements)

References 9 publications

(14 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…An attack graph models knowledge about the inter-dependency between system vulnerabilities and knowledge about the network topology in terms of a graph-based data structure [68,48,47]. Model checking analysis techniques are typically used to determine all possible sequences of an attack against a system [70,40,57].…”

Section: Related Researchmentioning

confidence: 99%

See 1 more Smart Citation

Management of security policy configuration using a Semantic Threat Graph approach

Foley

Fitzgerald

2011

JCS

View full text Add to dashboard Cite

Managing the configuration of heterogeneous enterprise security mechanisms is a complex task. The effectiveness of a configuration may be constrained by poor understanding and/or management of the overall security policy requirements, which may, in turn, unnecessarily expose the enterprise to known threats. This paper proposes a threat management based approach, whereby knowledge about the effectiveness of mitigating countermeasures is used to guide the autonomic configuration of security mechanisms. This knowledge is modeled in terms of Semantic Threat Graphs, a variation of the traditional Threat/Attack Tree, extended in order to relate semantic information about security configuration with threats, vulnerabilities and countermeasures. An ontology-based approach to representing and reasoning over this knowledge is taken. A case study based on Network Access Controls demonstrates how threats can be analysed and how automated configuration recommendations can be made based on catalogues of countermeasures. These countermeasures are drawn from best-practice standards, including NIST, IETF and PCI-DSS recommendations for firewall configuration.

show abstract

Section: Related Researchmentioning

confidence: 99%

“…Model checking analysis techniques are typically used to determine all possible sequences of an attack against a system [70,40,57]. While threat trees typically focus on the consequence of an attack, attack graphs typically focus on the attacker activity and his/her interaction with the system under threat [48].…”

Section: Related Researchmentioning

confidence: 99%

Management of security policy configuration using a Semantic Threat Graph approach

Foley

Fitzgerald

2011

JCS

View full text Add to dashboard Cite

show abstract

“…Attack trees have been previously proposed [2,8,11,12] as a systematic method to specify system security based on varying attacks. They help organize intrusion and/or misuse scenarios by 1. utilizing known vulnerabilities and/or weak spots in the system, and 2. analyzing system dependencies and weak links and representing these dependencies in the form of an And-Or tree.…”

Section: Modeling Attacks Using Attack Treesmentioning

confidence: 99%

“…A second criticism of using attack tree to model attack scenarios is that they tend to get unwieldy. Earlier, in one of our works [11], we had shown how we can reduce the size of the attack tree so that it is usable.…”

Section: Modeling Attacks Using Attack Treesmentioning

confidence: 99%

See 1 more Smart Citation

An Opinion Model for Evaluating Malicious Activities in Pervasive Computing Systems

Ray

Poolsappasit

Dewri

2008

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. Pervasive computing applications typically involve cooperation among a number of entities spanning multiple organizations. Any security breach in any single entity can have very far-reaching consequences. In addition, a number of factors make the task of defending against malicious attacks in pervasive systems even more complex than conventional systems. Foremost among them is that a significant number of the devices deployed in such environments are frequently severely resource constrained. Thus strong security controls cannot be easily deployed on these devices. A second factor is that since a large number of such devices are also involved, attacks can propagate very fast in pervasive environments. These prompt us to propose a model for predicting malicious activities in pervasive systems. Our model is based on a logic of opinion that has been proposed elsewhere. Ours is not an intrusion detection system for pervasive systems but works in tandem with one. The system we propose can be used as a standard interface to analyze pervasive system activities in general and generate an opinion about the possibility of an attack.

show abstract

Evaluating Classifiers for Mobile-Masquerader Detection

Mazhelis

Puuronen

Raento

2006

Security and Privacy in Dynamic Environments

View full text Add to dashboard Cite

As a result of the impersonation of a user of a mobile terminal, sensitive information kept locally or accessible over the network can be abused. The means of masquerader detection are therefore needed to detect the cases of impersonation. In this paper, the problem of mobile-masquerader detection is considered as a problem of classifying the user behaviour as originating from the legitimate user or someone else. Different behavioural characteristics are analysed by designated one-class classifiers whose classifications are combined. The paper focuses on selecting the classifiers for mobile-masquerader detection. The selection process is conducted in two phases. First, the classification accuracies of classifiers are empirically evaluated, and inaccurate classifiers are excluded. After that, the accuracies of different classifier combinations are explored, and the combination with the best classification accuracy is identified. The experimental results suggest that, in order to achieve better accuracy, the individual classifiers with both high classification accuracy and a small number of non-classifications need to be selected.

show abstract

Using Attack Trees to Identify Malicious Attacks from Authorized Insiders

Cited by 108 publications

References 9 publications

Management of security policy configuration using a Semantic Threat Graph approach

Management of security policy configuration using a Semantic Threat Graph approach

An Opinion Model for Evaluating Malicious Activities in Pervasive Computing Systems

Evaluating Classifiers for Mobile-Masquerader Detection

Contact Info

Product

Resources

About