SpringerLink
Log in

Cyber Attack Modeling Recent Approaches: A Review

  • Conference paper
  • First Online:
Proceedings of Third International Conference on Computing, Communications, and Cyber-Security

Part of the book series: Lecture Notes in Networks and Systems ((LNNS,volume 421))

  • 857 Accesses

Abstract

The advancement in cyber technology has enhanced user convenience tremendously hence accelerated its uses. But at the same time, cyber frauds, threats, and attacks have increased with same pace. So, to protect our cyber system and devices from them, cyber attack modeling is quite essential and challenging task. It provides us the chance to detect and protect our system by applying suitable security measures to them. There are many attack modeling techniques available today. This paper provides an elaborate discussion on the two very popular graphical attack modeling techniques, that is Attack graph and attack tree-based approaches. A comparative analysis of various works done in these techniques is presented here.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now
Chapter
EUR 29.95
Price includes VAT (Thailand)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
EUR 181.89
Price includes VAT (Thailand)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
EUR 219.99
Price excludes VAT (Thailand)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free ship** worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

References

  1. 2020 Internet Crime Report.

    Google Scholar 

  2. Shirey, R. (2007). Internet security glossary, version 2.

    Google Scholar 

  3. Swiler, L. P., Phillips, C., & Gaylor, T. (1998). A graph-based network-vulnerability analysis system (No. SAND-97-3010/1). Sandia National Labs.

    Google Scholar 

  4. Haasl, D. F., Roberts, N. H., Vesely, W. E., & Goldberg, F. F. (1981). Fault tree handbook (No. NUREG-0492). Nuclear Regulatory Commission.

    Google Scholar 

  5. Schneier, B. (1999). Attack trees. Dr. Dobb’s Journal, 24(12), 21–29.

    Google Scholar 

  6. Horne, R., Mauw, S., & Tiu, A. (2017). Semantics for specialising attack trees based on linear logic. Fundamenta Informaticae, 153(1–2), 57–86.

    Article  MathSciNet  Google Scholar 

  7. Jhawar, R., Kordy, B., Mauw, S., Radomirović, S., & Trujillo-Rasua, R. (2015). Attack trees with sequential conjunction. In IFIP International Information Security and Privacy Conference (pp. 339–353). Springer.

    Google Scholar 

  8. Kordy, B., Mauw, S., Radomirović, S., & Schweitzer, P. (2014). Attack-defense trees. Journal of Logic and Computation, 24(1), 55–87.

    Article  MathSciNet  Google Scholar 

  9. Mauw, S., & Oostdijk, M. (2005). Foundations of attack trees. In International Conference on Information Security and Cryptology (pp. 186–198). Springer.

    Google Scholar 

  10. Hermanns, H., Krämer, J., Kršál, J., & Stoelinga, M. (2016). The value of attack-defence diagrams. In International Conference on Principles of Security and Trust (pp. 163–185). Springer.

    Google Scholar 

  11. Roy, A., Kim, D. S., & Trivedi, K. S. (2012). Attack countermeasure trees (ACT): Towards unifying the constructs of attack and defense trees. Security and Communication Networks, 5(8), 929–943.

    Article  Google Scholar 

  12. Jürgenson, A., & Willemson, J. (2015). Computing exact outcomes of multi-parameter attack trees. In OTM Confederated International Conferences On the Move to Meaningful Internet Systems (pp. 1036–1051). Springer.

    Google Scholar 

  13. Cheung, S., Lindqvist, U., & Fong, M. W. (2003). Modeling multistep cyber attacks for scenario recognition. In Proceedings DARPA Information Survivability Conference and Exposition (Vol. 1, pp. 284–292). IEEE.

    Google Scholar 

  14. Valdes, A., & Skinner, K. (2001). Probabilistic alert correlation. In International Workshop on Recent Advances in Intrusion Detection (pp. 54–68). Springer.

    Google Scholar 

  15. Porras, P. A., Fong, M. W., & Valdes, A. (2002). A mission-impact-based approach to INFOSEC alarm correlation. In International Workshop on Recent Advances in Intrusion Detection (pp. 95–114). Springer.

    Google Scholar 

  16. Qin, X., & Lee, W. (2003). Statistical causality analysis of INFOSEC alert data. In International Workshop on Recent Advances in Intrusion Detection (pp. 73–93). Springer.

    Google Scholar 

  17. Petri, C. A. (1962). Communication with automata [Ph.D. thesis]. Technische Universitat Darmstadt.

    Google Scholar 

  18. Zakrzewska, A. N., & Ferragut, E. M. (2011). Modeling cyber conflicts using an extended Petri Net formalism. In 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS) (pp. 60–67). IEEE.

    Google Scholar 

  19. Petty, M. D., Whitaker, T. S., Bland, J. A., Cantrell, W. A., & Mayfield, K. P. (2019). Modeling cyberattacks with extended petri nets: Research program overview and status report. In Proceedings of the International Conference on Modeling, Simulation and Visualization Methods (MSV) (pp. 27–33). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp).

    Google Scholar 

  20. Audinot, M., Pinchinat, S., & Kordy, B. (2017). Is my attack tree correct? In European Symposium on Research in Computer Security (pp. 83–102). Springer.

    Google Scholar 

  21. Vigo, R., Nielson, F., & Nielson, H. R. (2014). Automated generation of attack trees. In 2014 IEEE 27th Computer Security Foundations Symposium (pp. 337–350). IEEE.

    Google Scholar 

  22. Vigo, R., Nielson, F., & Nielson, H. R. (2016). Discovering, quantifying, and displaying attacks. ar**v preprint ar**v:1607.07720.

  23. Pinchinat, S., Acher, M., & Vojtisek, D. (2014). Towards synthesis of attack trees for supporting computer-aided risk analysis. In International Conference on Software Engineering and Formal Methods (pp. 363–375). Springer.

    Google Scholar 

  24. Pinchinat, S., Acher, M., & Vojtisek, D. (2015). ATSyRa: An integrated environment for synthesizing attack trees. In International Workshop on Graphical Models for Security (pp. 97–101). Springer.

    Google Scholar 

  25. Gadyatskaya, O., Jhawar, R., Mauw, S., Trujillo-Rasua, R., & Willemse, T. A. C. (2017). Refinement-aware generation of attack trees. In International Workshop on Security and Trust Management (pp. 164–179). Springer.

    Google Scholar 

  26. Ivanova, M. G., Probst, C. W., Hansen, R. R., & Kammüller, F. (2015). Attack tree generation by policy invalidation. In IFIP International Conference on Information Security Theory and Practice (pp. 249–259). Springer.

    Google Scholar 

  27. Ivanova, M. G., Probst, C. W., Hansen, R. R., & Kammüller, F. (2015). Transforming graphical system models to graphical attack models. In International Workshop on Graphical Models for Security (pp. 82–96). Springer.

    Google Scholar 

  28. Ammann, P., Wijesekera, D., & Kaushik, S. (2002). Scalable, graph-based network vulnerability analysis. In Proceedings of the 9th ACM Conference on Computer and Communications Security (pp. 217–224).

    Google Scholar 

  29. Ritchey, R. W., & Ammann, P. (2000). Using model checking to analyze network vulnerabilities. In Proceeding 2000 IEEE Symposium on Security and Privacy, S&P 2000 (pp. 156–165). IEEE.

    Google Scholar 

  30. Jajodia, S., & Noel, S. (2010). Topological vulnerability analysis. In Cyber situational awareness (pp. 139–154). Springer.

    Google Scholar 

  31. Noel, S., Elder, M., Jajodia, S., Kalapa, P., O’Hare, S., & Prole, K. (2009). Advances in topological vulnerability analysis. In 2009 Cybersecurity Applications & Technology Conference for Homeland Security (pp. 124–129). IEEE.

    Google Scholar 

  32. Wang, L., Albanese, M., & Jajodia, S. (2014). Attack graph and network hardening. In Network hardening (pp. 15–22). Springer.

    Google Scholar 

  33. Wang, L., Albanese, M., & Jajodia, S. (2014). Minimum-cost network hardening. In Network hardening (pp. 23–38). Springer.

    Google Scholar 

  34. Wang, L., Albanese, M., & Jajodia, S. (2014). Linear-time network hardening. In Network hardening (pp. 39–58). Springer.

    Google Scholar 

  35. Beckers, K., Krautsevich, L., & Yautsiukhin, A. (2014) Analysis of social engineering threats with attack graphs. In Data privacy management, autonomous spontaneous security, and security assurance (pp. 216–232). Springer.

    Google Scholar 

  36. Aslanyan, Z., & Nielson, F. (2016). Pareto efficient solutions of attack-defence trees. In International Conference on Principles of Security and Trust (pp. 95–114). Springer.

    Google Scholar 

  37. Kordy, B., & Wideł, W. (2017). How well can I secure my system? In International Conference on Integrated Formal Methods (pp. 332–347). Springer.

    Google Scholar 

  38. Kordy, B., & Wideł, W. (2018). On quantitative analysis of attack-defense trees with repeated labels. In International Conference on Principles of Security and Trust (pp. 325–346). Springer.

    Google Scholar 

  39. Singh, V. P., & Ujjwal, R. L. (2019). Privacy attack modeling and risk assessment method for name data networking. In Advances in Computer Communication and Computational Sciences (pp. 109–119). Springer.

    Google Scholar 

  40. Meyur, R. (2020). A Bayesian attack tree based approach to assess cyber-physical security of power system. In 2020 IEEE Texas Power and Energy Conference (TPEC) (pp. 1–6). IEEE.

    Google Scholar 

  41. Nadeem, A., Verwer, S., Moskal, S., & Yang, S. J. (2021). Sage: Intrusion alert-driven attack graph extractor. ar**v preprint ar**v:2107.02783.

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, National Institute of Technology Patna, Patna, Bihar, India

    Neha & Anubha Maurya

Authors
  1. Neha
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Anubha Maurya
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Neha .

Editor information

Editors and Affiliations

  1. Department of Computer Science, KIET Group of Institutions, Ghaziabad, Delhi, India

    Pradeep Kumar Singh

  2. Institute of Computer Science, Polish Academy of Sciences, Warsaw, Poland

    Sławomir T. Wierzchoń

  3. Department of Computer Science and Engineering, Nirma University, Ahmedabad, India

    Sudeep Tanwar

  4. Federal University of Piauí, Teresina, Brazil

    Joel J. P. C. Rodrigues

  5. Faculty of Mathematics and Informatics, Warsaw University of Technology, Warsaw, Poland

    Maria Ganzha

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Neha, Maurya, A. (2023). Cyber Attack Modeling Recent Approaches: A Review. In: Singh, P.K., Wierzchoń, S.T., Tanwar, S., Rodrigues, J.J.P.C., Ganzha, M. (eds) Proceedings of Third International Conference on Computing, Communications, and Cyber-Security. Lecture Notes in Networks and Systems, vol 421. Springer, Singapore. https://doi.org/10.1007/978-981-19-1142-2_68

Download citation

  • DOI: https://doi.org/10.1007/978-981-19-1142-2_68

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-19-1141-5

  • Online ISBN: 978-981-19-1142-2

  • eBook Packages: EngineeringEngineering (R0)

Publish with us

Policies and ethics

Search

Navigation