Restructuring attack trees to identify incorrect or missing relationships between nodes

Hua Cai, Hironori Washizaki, Yoshiaki Fukazawa, Takao Okubo, Haruhiko Kaiya, Nobukazu Yoshioka

研究成果: Conference article査読

抄録

Attack trees are often used to analyze a system or detect application programs attacks. To aid in software design, a method to create safe and stable systems should be created. An attack tree has multiple levels and is composed of different nodes, including root nodes, internal nodes, and leaf nodes. These nodes can be separated into parent nodes and child nodes when discussing their relation. Child nodes are defined as conditions that must be satisfied to make their direct parent nodes true. Although an attack tree can express vertical relationships between nodes well, it usually ignores parallel relationships of different branch nodes. Moreover, the relation between parent-child nodes may be inaccurate due to a poorly designed attack tree. To solve these problems, we present a new way to derive an attack tree system in which the initial attack tree is reconstructed into a new attack tree using Interpretive Structural Modeling (abbr. ISM). The proposed method can easily correct the relation between parent-child nodes and identify horizontal relationships. Finally, the proposed method derives a clear attack tree for more precise system's threat analysis and better defensive measures.

本文言語English
ページ(範囲)18-25
ページ数8
ジャーナルCEUR Workshop Proceedings
2809
出版ステータスPublished - 2021
イベント2018 International Workshop on Evidence-Based Security and Privacy in the Wild and the 1st International Workshop on Machine Learning Systems Engineering, WESPr-iMLSE 2018 - Nara, Japan
継続期間: 2018 12 4 → …

ASJC Scopus subject areas

  • Computer Science(all)

フィンガープリント 「Restructuring attack trees to identify incorrect or missing relationships between nodes」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。

引用スタイル