A New Correlation Model of IoT Attack Based on Attack Tree

Abstract

With the development of Internet of Things (IoT) technology, IoT attacks are more and more frequent. It's difficult to express the lateral IoT attack actions by the common models. Aiming at the problem of IoT attack modeling, this paper proposes a novel channel attack tree (Channel-AT) model. Firstly, we investigate the method of constructing an attack tree model automatically. The edges of attack trees are mined based on sequential patterns and association rules, and the attack tree is constructed under the same target. Then, we study the method of constructing Channel-AT model from the attack tree set. Attackers can use the channels to attack laterally among different attack trees. IoT attack channels are extracted among attack trees by two methods. One is that we can extract information channels as attack channels. Also, we calculate the similarity of nodes in different attack trees. There can be one attack channel if two nodes are very similar. Our work proposes a new correlation model which concludes the attack process, attack goal, and lateral attack action. Besides, we study the automatic modeling method based on sequential patterns and association rules.