Abstract
The advancement in cyber technology has enhanced user convenience tremendously hence accelerated its uses. But at the same time, cyber frauds, threats, and attacks have increased with same pace. So, to protect our cyber system and devices from them, cyber attack modeling is quite essential and challenging task. It provides us the chance to detect and protect our system by applying suitable security measures to them. There are many attack modeling techniques available today. This paper provides an elaborate discussion on the two very popular graphical attack modeling techniques, that is Attack graph and attack tree-based approaches. A comparative analysis of various works done in these techniques is presented here.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
2020 Internet Crime Report.
Shirey, R. (2007). Internet security glossary, version 2.
Swiler, L. P., Phillips, C., & Gaylor, T. (1998). A graph-based network-vulnerability analysis system (No. SAND-97-3010/1). Sandia National Labs.
Haasl, D. F., Roberts, N. H., Vesely, W. E., & Goldberg, F. F. (1981). Fault tree handbook (No. NUREG-0492). Nuclear Regulatory Commission.
Schneier, B. (1999). Attack trees. Dr. Dobb’s Journal, 24(12), 21–29.
Horne, R., Mauw, S., & Tiu, A. (2017). Semantics for specialising attack trees based on linear logic. Fundamenta Informaticae, 153(1–2), 57–86.
Jhawar, R., Kordy, B., Mauw, S., Radomirović, S., & Trujillo-Rasua, R. (2015). Attack trees with sequential conjunction. In IFIP International Information Security and Privacy Conference (pp. 339–353). Springer.
Kordy, B., Mauw, S., Radomirović, S., & Schweitzer, P. (2014). Attack-defense trees. Journal of Logic and Computation, 24(1), 55–87.
Mauw, S., & Oostdijk, M. (2005). Foundations of attack trees. In International Conference on Information Security and Cryptology (pp. 186–198). Springer.
Hermanns, H., Krämer, J., Kršál, J., & Stoelinga, M. (2016). The value of attack-defence diagrams. In International Conference on Principles of Security and Trust (pp. 163–185). Springer.
Roy, A., Kim, D. S., & Trivedi, K. S. (2012). Attack countermeasure trees (ACT): Towards unifying the constructs of attack and defense trees. Security and Communication Networks, 5(8), 929–943.
Jürgenson, A., & Willemson, J. (2015). Computing exact outcomes of multi-parameter attack trees. In OTM Confederated International Conferences On the Move to Meaningful Internet Systems (pp. 1036–1051). Springer.
Cheung, S., Lindqvist, U., & Fong, M. W. (2003). Modeling multistep cyber attacks for scenario recognition. In Proceedings DARPA Information Survivability Conference and Exposition (Vol. 1, pp. 284–292). IEEE.
Valdes, A., & Skinner, K. (2001). Probabilistic alert correlation. In International Workshop on Recent Advances in Intrusion Detection (pp. 54–68). Springer.
Porras, P. A., Fong, M. W., & Valdes, A. (2002). A mission-impact-based approach to INFOSEC alarm correlation. In International Workshop on Recent Advances in Intrusion Detection (pp. 95–114). Springer.
Qin, X., & Lee, W. (2003). Statistical causality analysis of INFOSEC alert data. In International Workshop on Recent Advances in Intrusion Detection (pp. 73–93). Springer.
Petri, C. A. (1962). Communication with automata [Ph.D. thesis]. Technische Universitat Darmstadt.
Zakrzewska, A. N., & Ferragut, E. M. (2011). Modeling cyber conflicts using an extended Petri Net formalism. In 2011 IEEE Symposium on Computational Intelligence in Cyber Security (CICS) (pp. 60–67). IEEE.
Petty, M. D., Whitaker, T. S., Bland, J. A., Cantrell, W. A., & Mayfield, K. P. (2019). Modeling cyberattacks with extended petri nets: Research program overview and status report. In Proceedings of the International Conference on Modeling, Simulation and Visualization Methods (MSV) (pp. 27–33). The Steering Committee of The World Congress in Computer Science, Computer Engineering and Applied Computing (WorldComp).
Audinot, M., Pinchinat, S., & Kordy, B. (2017). Is my attack tree correct? In European Symposium on Research in Computer Security (pp. 83–102). Springer.
Vigo, R., Nielson, F., & Nielson, H. R. (2014). Automated generation of attack trees. In 2014 IEEE 27th Computer Security Foundations Symposium (pp. 337–350). IEEE.
Vigo, R., Nielson, F., & Nielson, H. R. (2016). Discovering, quantifying, and displaying attacks. ar**v preprint ar**v:1607.07720.
Pinchinat, S., Acher, M., & Vojtisek, D. (2014). Towards synthesis of attack trees for supporting computer-aided risk analysis. In International Conference on Software Engineering and Formal Methods (pp. 363–375). Springer.
Pinchinat, S., Acher, M., & Vojtisek, D. (2015). ATSyRa: An integrated environment for synthesizing attack trees. In International Workshop on Graphical Models for Security (pp. 97–101). Springer.
Gadyatskaya, O., Jhawar, R., Mauw, S., Trujillo-Rasua, R., & Willemse, T. A. C. (2017). Refinement-aware generation of attack trees. In International Workshop on Security and Trust Management (pp. 164–179). Springer.
Ivanova, M. G., Probst, C. W., Hansen, R. R., & Kammüller, F. (2015). Attack tree generation by policy invalidation. In IFIP International Conference on Information Security Theory and Practice (pp. 249–259). Springer.
Ivanova, M. G., Probst, C. W., Hansen, R. R., & Kammüller, F. (2015). Transforming graphical system models to graphical attack models. In International Workshop on Graphical Models for Security (pp. 82–96). Springer.
Ammann, P., Wijesekera, D., & Kaushik, S. (2002). Scalable, graph-based network vulnerability analysis. In Proceedings of the 9th ACM Conference on Computer and Communications Security (pp. 217–224).
Ritchey, R. W., & Ammann, P. (2000). Using model checking to analyze network vulnerabilities. In Proceeding 2000 IEEE Symposium on Security and Privacy, S&P 2000 (pp. 156–165). IEEE.
Jajodia, S., & Noel, S. (2010). Topological vulnerability analysis. In Cyber situational awareness (pp. 139–154). Springer.
Noel, S., Elder, M., Jajodia, S., Kalapa, P., O’Hare, S., & Prole, K. (2009). Advances in topological vulnerability analysis. In 2009 Cybersecurity Applications & Technology Conference for Homeland Security (pp. 124–129). IEEE.
Wang, L., Albanese, M., & Jajodia, S. (2014). Attack graph and network hardening. In Network hardening (pp. 15–22). Springer.
Wang, L., Albanese, M., & Jajodia, S. (2014). Minimum-cost network hardening. In Network hardening (pp. 23–38). Springer.
Wang, L., Albanese, M., & Jajodia, S. (2014). Linear-time network hardening. In Network hardening (pp. 39–58). Springer.
Beckers, K., Krautsevich, L., & Yautsiukhin, A. (2014) Analysis of social engineering threats with attack graphs. In Data privacy management, autonomous spontaneous security, and security assurance (pp. 216–232). Springer.
Aslanyan, Z., & Nielson, F. (2016). Pareto efficient solutions of attack-defence trees. In International Conference on Principles of Security and Trust (pp. 95–114). Springer.
Kordy, B., & Wideł, W. (2017). How well can I secure my system? In International Conference on Integrated Formal Methods (pp. 332–347). Springer.
Kordy, B., & Wideł, W. (2018). On quantitative analysis of attack-defense trees with repeated labels. In International Conference on Principles of Security and Trust (pp. 325–346). Springer.
Singh, V. P., & Ujjwal, R. L. (2019). Privacy attack modeling and risk assessment method for name data networking. In Advances in Computer Communication and Computational Sciences (pp. 109–119). Springer.
Meyur, R. (2020). A Bayesian attack tree based approach to assess cyber-physical security of power system. In 2020 IEEE Texas Power and Energy Conference (TPEC) (pp. 1–6). IEEE.
Nadeem, A., Verwer, S., Moskal, S., & Yang, S. J. (2021). Sage: Intrusion alert-driven attack graph extractor. ar**v preprint ar**v:2107.02783.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Neha, Maurya, A. (2023). Cyber Attack Modeling Recent Approaches: A Review. In: Singh, P.K., Wierzchoń, S.T., Tanwar, S., Rodrigues, J.J.P.C., Ganzha, M. (eds) Proceedings of Third International Conference on Computing, Communications, and Cyber-Security. Lecture Notes in Networks and Systems, vol 421. Springer, Singapore. https://doi.org/10.1007/978-981-19-1142-2_68
Download citation
DOI: https://doi.org/10.1007/978-981-19-1142-2_68
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-19-1141-5
Online ISBN: 978-981-19-1142-2
eBook Packages: EngineeringEngineering (R0)