Time-dependent analysis of attacks

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 8414 LNCS, Issue , 2014, Pages 285-305

  Arnold, Florian ^a   Hermanns, Holger ^b   Pulungan, Reza ^c   Stoelinga, Mariëlle ^a  

^a UNIVERSITY OF TWENTE   (Netherlands)

^b SAARLAND UNIVERSITY   (Germany)

^c GADJAH MADA UNIVERSITY   (Indonesia)

Author keywords

[No Author keywords available]

Indexed keywords

FORESTRY;

COMPRESSION TECHNIQUES; ENTIRE SYSTEM; ORDERS OF MAGNITUDE; PHASE TYPE DISTRIBUTIONS; SECURITY ATTACKS; TIME DEPENDENT BEHAVIOR; TIME PROGRESS; TIME-DEPENDENT ANALYSIS;

PROBABILITY DISTRIBUTIONS;

DISTRIBUTION; FORESTRY; PROBABILITY;

EID: 84900528864     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/978-3-642-54792-8_16     Document Type: Conference Paper

References (37)

1. Basin, D.A., Capkun, S.: The research value of publishing attacks. Commun. ACM 55(11), 22-24 (2012)
2. Köpf, B., Malacaria, P., Palamidessi, C.: Quantitative Security Analysis (Dagstuhl Seminar 12481). Dagstuhl Reports 2(11), 135-154 (2013)
3. Schneier, B.: Attack trees: Modeling security threats. Dr. Dobb's Journal 24(12) (December 1999)
4. Jürgenson, A., Willemson, J.: Computing exact outcomes of multi-parameter attack trees. In: Meersman, R., Tari, Z. (eds.) OTM 2008, Part II. LNCS, vol. 5332, pp. 1036-1051. Springer, Heidelberg (2008)
5. Kordy, B., Pouly, M., Schweitzer, P.: Computational aspects of attack-defense trees. In: Bouvry, P., Kłopotek, M.A., Leprévost, F., Marciniak, M., Mykowiecka, A., Rybiński, H. (eds.) SIIS 2011. LNCS, vol. 7053, pp. 103-116. Springer, Heidelberg (2012)
6. Roy, A., Kim, D., Trivedi, K.: Attack countermeasure trees (act): towards unifying the constructs of attack and defense trees. Sec. and Commun. Netw. 5(8), 929-943 (2012)
7. Zonouz, S., Khurana, H., Sanders, W., Yardley, T.: Rre: A game-theoretic intrusion response and recovery engine. In: IEEE/IFIP International Conference on Dependable Systems Networks, DSN 2009, pp. 439-448 (July 2009)
8. Ray, I., Poolsapassit, N.: Using attack trees to identify malicious attacks from authorized insiders. In: de Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 231-246. Springer, Heidelberg (2005)
9. Horváth, A., Telek, M.: PhFit: A general phase-type fitting tool. In: Field, T., Harrison, P.G., Bradley, J., Harder, U. (eds.) TOOLS 2002. LNCS, vol. 2324, pp. 82-91. Springer, Heidelberg (2002)
10. Thümmler, A., Buchholz, P., Telek, M.: A novel approach for phase-type fitting with the EM algorithm. IEEE Trans. Dependable Sec. Comput. 3(3), 245-258 (2006)
11. Weiss, J.: A system security engineering process. In: Proceedings of the 14th National Computer Security Conference, pp. 572-581 (1991)
12. Amoroso, E.: Fundamentals of computer security technology. Prentice-Hall, Inc., Upper Saddle River (1994)
13. Kordy, B., Pietre-Cambacedes, L., Schweitzer, P.: DAG-based attack and defense modeling: Don't miss the forest for the attack trees. CoRR abs/1303.7397 (2013)
14. Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186-198. Springer, Heidelberg (2006)
15. Bistarelli, S., Peretti, P., Trubitsyna, I.: Analyzing security scenarios using defence trees and answer set programming. Electron. Notes Theor. Comput. Sci. 197(2), 121-129 (2008)
16. Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Foundations of attack-defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80-95. Springer, Heidelberg (2011)
17. Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated generation and analysis of attack graphs. In: Proceedings of the IEEE Symposium on Security and Privacy, pp. 273-284 (2002)
18. McQueen, M., Boyer, W., Flynn, M., Beitel, G.: Quantitative cyber risk reduction estimation methodology for a small SCADA control system. In: Proceedings of the 39th Annual Hawaii International Conference on System Sciences, HICSS 2006, vol. 9, pp. 226 (2006)
19. LeMay, E., Ford, M.D., Keefe, K., Sanders, W.H., Muehrcke, C.: Model-based security metrics using adversary view security evaluation (advise). In: Proceedings of the 2011 Eighth International Conference on Quantitative Evaluation of SysTems, QEST 2011, pp. 191-200. IEEE Computer Society (2011)
20. McDermott, J.: Attack net penetration testing. In: Proceedings of the 2000 Workshop on New Security Paradigms, NSPW 2000, pp. 15-21. ACM, New York (2000)
21. Piètre-Cambacédès, L., Bouissou, M.: Beyond attack trees: Dynamic security modeling with boolean logic driven Markov processes (BDMP). In: European Dependable Computing Conference (EDCC), pp. 199-208 (April 2010)
22. Piètre-Cambacédès, L., Bouissou, M.: Attack and defense modeling with BDMP. In: Kotenko, I., Skormin, V. (eds.) MMM-ACNS 2010. LNCS, vol. 6258, pp. 86-101. Springer, Heidelberg (2010)
23. Johnson, M.A., Taaffe, M.R.: The denseness of phase distributions. School of Industrial Engineering Research Memoranda 88-20, Purdue University (1988)
24. Asmussen, S., Nerman, O., Olsson, M.: Fitting phase-type distributions via the EM algorithm. Scandinavian Journal of Statistics 23(4), 419-441 (1996)
25. Neuts, M.F.: Matrix-Geometric Solutions in Stochastic Models: An Algorithmic Approach. Dover (1981)
26. He, Q.M., Zhang, H.: Spectral polynomial algorithms for computing bi-diagonal representations for phase type distributions and matrix-exponential distributions. Stochastic Models 2(2), 289-317 (2006)
27. Cox, D.R.: A use of complex probabilities in the theory of stochastic processes. Proceedings of the Cambridge Philosophical Society 51(2), 313-319 (1955)
28. Cumani, A.: Canonical representation of homogeneous Markov processes modelling failure time distributions. Microelectronics and Reliability 2(3), 583-602 (1982)
29. Pulungan, R., Hermanns, H.: Acyclic minimality by construction-almost. In: QEST, pp. 63-72. IEEE Computer Society (2009)
30. Buchholz, P.: Exact and ordinary lumpability in finite Markov chains. Journal of Applied Probability 31, 59-75 (1994)
31. Jonsson, E., Olovsson, T.: A quantitative model of the security intrusion process based on attacker behavior. IEEE Transactions on Software Engineering 23(4), 235-245 (1997)
32. Reibman, A.L., Trivedi, K.S.: Numerical transient analysis of Markov models. Computers & OR 15(1), 19-36 (1988)
33. Fox, B.L., Glynn, P.W.: Computing poisson probabilities. Commun. ACM 31(4), 440-445 (1988)
34. Kwiatkowska, M.Z., Norman, G., Parker, D.: Probabilistic symbolic model checking with prism: a hybrid approach. STTT 6(2), 128-142 (2004)
35. Katoen, J.P., Zapreev, I.S., Hahn, E.M., Hermanns, H., Jansen, D.N.: The ins and outs of the probabilistic model checker mrmc. Perform. Eval. 68(2), 90-104 (2011)
36. Kriaa, S., Bouissou, M., Piètre-Cambacédès, L.: Modeling the stuxnet attack with BDMP: Towards more formal risk assessments. In: 7th International Conference on Risk and Security of Internet and Systems (CRiSIS), pp. 1-8 (October 2012)
37. The TREsPASS project: http://www.trespass-project.eu