A Template-based Method for the Generation of Attack Trees

Jeremy Bryans, Lin Shen Liew, Hoang Nga Nguyen, Giedre Sabaliauskaite, Siraj Shaikh, Fengjun Zhou

Research output: Contribution to conferencePaper

Abstract

Attack trees are used in cybersecurity analysis to give an analyst a view of all the ways in which an attack can be carried out. Attack trees can become large, and developing them by hand can be tedious and error-prone. In this paper the automated generation of attack trees is considered. The method proposed is based on a library of attack templates – parameterisable patterns of attacks such as denial of service or eavesdropping – and that also uses an abstract model of the network
architecture under attack. A pseudocode implementation of the method is also presented. The example application given is from the automotive domain and using an architecture consisting of linked CAN networks – a network configuration found in virtually every current vehicle.
Original languageEnglish
Publication statusAccepted/In press - 14 Nov 2019
EventInternational Conference on Information Security Theory and Practice - Paris, France
Duration: 11 Dec 201912 Dec 2019
http://www.wistp.org/

Conference

ConferenceInternational Conference on Information Security Theory and Practice
Abbreviated titleWISTP
CountryFrance
CityParis
Period11/12/1912/12/19
Internet address

Cite this

Bryans, J., Liew, L. S., Nguyen, H. N., Sabaliauskaite, G., Shaikh, S., & Zhou, F. (Accepted/In press). A Template-based Method for the Generation of Attack Trees. Paper presented at International Conference on Information Security Theory and Practice, Paris, France.