Attacker Profiling in Quantitative Security Assessment

TitleAttacker Profiling in Quantitative Security Assessment
Publication TypeThesis
Year of Publication2014
AuthorsD. Sari P
Date PublishedJanuary
UniversityTallinn University of Technology
Thesis Typemasters
KeywordsAttacker, Quantitative, Security Assessment

In the past decades of cyber warfare, cyber-attack has grown its complexity in attack patterns and impacted a vast geographical area, therefore attack trees are suitable to describe possible security threat of a system. An attack tree consists of root node that represents attacker's goal and leaf nodes constituting as attack steps required to be executed by an attacker to achieve the successful state. Development of an attack tree for a system may begin with a simple tree, but later will allow to refine these attacks into more atomic steps. There are two types of refinements which commonly used nowadays - the conjunctive refinement and the disjunctive one. Quantitative analysis based on attack trees, utilizes bottom-up parameter propagation approach. Single-parameter propagation method was introduced in 1999 by Schneier [1], later on improved by Mauw et al. [2]. This method assigns single quantitative parameter for each leaf in an attack tree and propagates this parameter using bottom-up technique towards the root node. Furthermore, the final value of the root node as the result of the analysis is used to form conclusions. However, another method was introduced back in 2006 which suggests to assign many parameters for each leaf in an attack tree, to calculate attacker's utilities in the leaf nodes and propagate it towards the root node. Buldas et al. called it multi-parameter approach [3]. We propose a new factor to be considered for the attack tree based quantitative analysis. ?Attacker profile? is a formalized description of malicious actor's resources and capabilities or skill levels. Reason for this proposal comes from difficulties in estimating parameters of leaves in an attack tree, which values depend on available resources and set of skills of malicious actors. In addition, we would like to highlight that application of ?Attacker Profile? to an attack tree can invalidates some nodes and thus will eliminate several sub-trees of the overall attack tree. Therefore, the resulting tree describes possible attack steps of the particular attacker. Furthermore, we investigate and analyze if attacker profile is a useful concept for quantitative assessment of securitybased on attack tree methodology.