Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers

机译：从攻击树计算对抗风险：控制强度和概率攻击者

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
相似文献
相关主题

摘要

Attack trees are a well-known formalism for quantitative analysis of cyber attacks consisting of multiple steps and alternative paths. It is possible to derive properties of the overall attacks from properties of individual steps, such as cost for the attacker and probability of success. However, in existing formalisms, such properties are considered independent. For example, investing more in an attack step would not increase the probability of success. As this seems counterintuitive, we introduce a framework for reasoning about attack trees based on the notion of control strength, annotating nodes with a function from attacker investment to probability of success. Calculation rules on such trees are defined to enable analysis of optimal attacker investment. Our second result consists of the translation of optimal attacker investment into the associated adversarial risk, yielding what we call adversarial risk trees. The third result is the introduction of probabilistic attacker strategies, based on the fitness (utility) of available scenarios. Together these contributions improve the possibilities for using attack trees in adversarial risk analysis.

机译：攻击树是一种众所周知的形式主义，用于对网络攻击进行定量分析，包括多个步骤和替代路径。可以从各个步骤的属性中得出整体攻击的属性，例如攻击者的成本和成功的可能性。但是，在现有形式主义中，此类属性被认为是独立的。例如，对攻击步骤进行更多投资不会增加成功的可能性。由于这似乎违反直觉，因此我们引入了一种基于控制强度的概念来对攻击树进行推理的框架，以从攻击者投资到成功概率的功能来注释节点。定义了此类树的计算规则，以便能够分析最佳的攻击者投资。我们的第二个结果包括将最佳攻击者投资转换为相关的对抗风险，从而产生了所谓的对抗风险树。第三个结果是根据可用方案的适用性（实用性）引入了概率攻击者策略。这些贡献共同提高了在攻击风险分析中使用攻击树的可能性。

著录项

来源
《Data privacy management, autonomous spontaneous security, and security assurance》|2014年|201-215|共15页
会议地点 Wroclaw(PL)
作者
Wolter Pieters; Mohsen Davarynejad;
展开▼
作者单位

Technology Policy and Management, ICT, Delft University of Technology, Delft, The Netherlands,EEMCS, Services, Cybersecurity and Safety, University of Twente, Enschede, The Netherlands;

Technology Policy and Management, ICT, Delft University of Technology, Delft, The Netherlands,Department of Radiation Oncology, Erasmus Medical Center, Daniel den Hoed Cancer Center, Rotterdam, The Netherlands;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类
关键词
Adversarial risk analysis; Attack trees; Attacker models; Control strength; Fitness functions; Security metrics; Simulation;

机译：对抗风险分析；攻击树；攻击者模型；控制强度；健身功能；安全指标；模拟;

相似文献

外文文献
中文文献
专利

1. Approaches for Fake Content Detection: Strengths and Weaknesses to Adversarial Attacks [J] . Carter Matthew, Tsikerdekis Michail, Zeadally Sherali IEEE internet computing . 2021,第2期

机译：假内容检测方法：对抗对抗攻击的优势和缺点
2. Risk-based attack strategies for mobile ad hoc networks under probabilistic attack modeling framework [J] . Vasileios Karyotis, Symeon Papavassiliou Computer networks . 2007,第9期

机译：概率攻击建模框架下的移动自组织网络基于风险的攻击策略
3. Adversarial risks in the lab - An experimental study of framing-effects in attacker-defender games [J] . Meng Sascha, Wiens Marcus, Schultmann Frank Safety science . 2019,第期

机译：实验室的对抗性风险 - 攻击者 - 后卫游戏中框架效应的实验研究
4. Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers [C] . Wolter Pieters, Mohsen Davarynejad International Workshop on Data Privacy Management . 2015

机译：从攻击树上计算对抗性风险：控制力量和概率攻击者
5. Cyber risk modeling and attack-resilient control for power grid [D] . Sridhar, Siddharth 2015

机译：电网的网络风险建模和防攻击控制
6. Continuous Quantitative Risk Management in Smart Grids Using Attack Defense Trees [O] . Erkuden Rios, Angel Rego, Eider Iturbe, 2020

机译：使用攻击防御树在智能电网中连续定量风险管理
7. A Multi-strength Adversarial Training Method to Mitigate Adversarial Attacks [O] . Song, Chang, Cheng, Hsin-Pai, Wu, Chunpeng, 2017

机译：一种减轻对抗性的多强度对抗训练方法攻击
8. Security Risk Analysis of Enterprise Networks Using Probabilistic Attack Graphs [R] . Singhai, A., Ou, X. 2011

机译：基于概率攻击图的企业网安全风险分析

Calculating Adversarial Risk from Attack Trees: Control Strength and Probabilistic Attackers

摘要

著录项

相似文献

相关主题

期刊订阅