Exploiting Bayesian Networks for the Analysis of Combined Attack Trees

被引:25
作者
Gribaudo, Marco [1 ]
Iacono, Mauro [2 ]
Marrone, Stefano [3 ]
机构
[1] Politecn Milan, Dipartimento Elettron Informaz & Bioingn, I-20133 Milan, Italy
[2] Univ Naples 2, Dipartimento Sci Polit, Caserta, Italy
[3] Univ Naples 2, Dipartimento Matemat & Fis, Caserta, Italy
来源
ELECTRONIC NOTES IN THEORETICAL COMPUTER SCIENCE | 2015年 / 310卷
关键词
Attack Trees; Quantitative Risk Assessement; Bayesian Networks; Model Transformations;
D O I
10.1016/j.entcs.2014.12.014
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
The growing need to find proper countermeasures able to protect critical infrastructures from threats has addressed the definition of quantitative methodologies for risk assessment. One of the most difficult aspects in this topic is the evaluation of the effects of attacks. Attacks Trees represent one of the most used formalisms in the modeling of attack scenarios: notwithstanding some extensions have been proposed to enrich the expressiveness of the original formalism, some effort should be spent on their analyzability. This paper defines a transformational approach that translates Attack Trees into Bayesian Networks. The proposed approach can cope with different Attack Trees extensions; moreover, it allows the quantitative evaluation of combined attacks modelled as a set of Attack Trees.
引用
收藏
页码:91 / 111
页数:21
相关论文
共 31 条
[1]  
Cozman F. G., JAVABAYES USER MANUA
[2]   Petri net based evaluation of energy consumption in wireless sensor nodes [J].
D'Arienzo, Maurizio ;
Iacono, Mauro ;
Marrone, Stefano ;
Nardone, Roberto .
JOURNAL OF HIGH SPEED NETWORKS, 2013, 19 (04) :339-358
[3]  
DARIENZO M, 2013, ADV INF NETW APPL WO, P1588, DOI DOI 10.1109/WAINA.2013.33
[4]   Model-driven estimation of distributed vulnerability in complex railway networks [J].
Drago, Annarita ;
Marrone, Stefano ;
Mazzocca, Nicola ;
Tedesco, Annarita ;
Vittorini, Valeria .
2013 IEEE 10TH INTERNATIONAL CONFERENCE ON AND 10TH INTERNATIONAL CONFERENCE ON AUTONOMIC AND TRUSTED COMPUTING (UIC/ATC) UBIQUITOUS INTELLIGENCE AND COMPUTING, 2013, :380-387
[5]  
Edge K. S., 2006, P 2006 IEEE C MIL CO, P953
[6]  
Einarsson S, 1998, RISK ANAL, V18, P535, DOI 10.1111/j.1539-6924.1998.tb00367.x
[7]  
Ficco Massimo, 2013, International Journal of High Performance Computing and Networking, V7, P173
[8]  
Ficco M., 2011, P 13 EUR WORKSH DEP, P15, DOI [10.1145/1978582.1978586, DOI 10.1145/1978582.1978586]
[9]  
Flammini F., 2013, SECURITY ENG INTELLI, V8128, P442
[10]   A MULTIFORMALISM MODULAR APPROACH TO ERTMS/ETCS FAILURE MODELING [J].
Flammini, Francesco ;
Marrone, Stefano ;
Iacono, Mauro ;
Mazzocca, Nicola ;
Vittorini, Valeria .
INTERNATIONAL JOURNAL OF RELIABILITY QUALITY AND SAFETY ENGINEERING, 2014, 21 (01)
1234