Attack trees are used in cybersecurity analysis to give an analyst a view of all the ways in which an attack can be carried out. Attack trees can become large, and developing them by hand can be tedious and error-prone. In this paper the automated generation of attack trees is considered. The method proposed is based on a library of attack templates – parameterisable patterns of attacks such as denial of service or eavesdropping – and that also uses an abstract model of the network architecture under attack. A pseudocode implementation of the method is also presented. The example application given is from the automotive domain and using an architecture consisting of linked CAN networks – a network configuration found in virtually every current vehicle.
|Title of host publication||Information Security Theory and Practice - 13th IFIP WG 11.2 International Conference, WISTP 2019, Proceedings|
|Editors||Maryline Laurent, Thanassis Giannetsos|
|Number of pages||11|
|Publication status||E-pub ahead of print - 2 Mar 2020|
|Event||International Conference on Information Security Theory and Practice - Paris, France|
Duration: 11 Dec 2019 → 12 Dec 2019
|Name||Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)|
|Conference||International Conference on Information Security Theory and Practice|
|Period||11/12/19 → 12/12/19|
Bibliographical noteThe final publication is available at Springer via http://dx.doi.org/10.1007/978-3-030-41702-4_10
Copyright © and Moral Rights are retained by the author(s) and/ or other copyright owners. A copy can be downloaded for personal non-commercial research or study, without prior permission or charge. This item cannot be reproduced or quoted extensively from without first obtaining permission in writing from the copyright holder(s). The content must not be changed in any way or sold commercially in any format or medium without the formal permission of the copyright holders.
- Attack trees
ASJC Scopus subject areas
- Theoretical Computer Science
- Computer Science(all)