TY - JOUR
T1 - Restructuring attack trees to identify incorrect or missing relationships between nodes
AU - Cai, Hua
AU - Washizaki, Hironori
AU - Fukazawa, Yoshiaki
AU - Okubo, Takao
AU - Kaiya, Haruhiko
AU - Yoshioka, Nobukazu
N1 - Publisher Copyright:
Copyright © 2019 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
PY - 2021
Y1 - 2021
N2 - Attack trees are often used to analyze a system or detect application programs attacks. To aid in software design, a method to create safe and stable systems should be created. An attack tree has multiple levels and is composed of different nodes, including root nodes, internal nodes, and leaf nodes. These nodes can be separated into parent nodes and child nodes when discussing their relation. Child nodes are defined as conditions that must be satisfied to make their direct parent nodes true. Although an attack tree can express vertical relationships between nodes well, it usually ignores parallel relationships of different branch nodes. Moreover, the relation between parent-child nodes may be inaccurate due to a poorly designed attack tree. To solve these problems, we present a new way to derive an attack tree system in which the initial attack tree is reconstructed into a new attack tree using Interpretive Structural Modeling (abbr. ISM). The proposed method can easily correct the relation between parent-child nodes and identify horizontal relationships. Finally, the proposed method derives a clear attack tree for more precise system's threat analysis and better defensive measures.
AB - Attack trees are often used to analyze a system or detect application programs attacks. To aid in software design, a method to create safe and stable systems should be created. An attack tree has multiple levels and is composed of different nodes, including root nodes, internal nodes, and leaf nodes. These nodes can be separated into parent nodes and child nodes when discussing their relation. Child nodes are defined as conditions that must be satisfied to make their direct parent nodes true. Although an attack tree can express vertical relationships between nodes well, it usually ignores parallel relationships of different branch nodes. Moreover, the relation between parent-child nodes may be inaccurate due to a poorly designed attack tree. To solve these problems, we present a new way to derive an attack tree system in which the initial attack tree is reconstructed into a new attack tree using Interpretive Structural Modeling (abbr. ISM). The proposed method can easily correct the relation between parent-child nodes and identify horizontal relationships. Finally, the proposed method derives a clear attack tree for more precise system's threat analysis and better defensive measures.
KW - Attack tree
KW - ISM
KW - Model
KW - Security
UR - http://www.scopus.com/inward/record.url?scp=85101295161&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85101295161&partnerID=8YFLogxK
M3 - Conference article
AN - SCOPUS:85101295161
SN - 1613-0073
VL - 2809
SP - 18
EP - 25
JO - CEUR Workshop Proceedings
JF - CEUR Workshop Proceedings
T2 - 2018 International Workshop on Evidence-Based Security and Privacy in the Wild and the 1st International Workshop on Machine Learning Systems Engineering, WESPr-iMLSE 2018
Y2 - 4 December 2018
ER -