A Self-evolution Attack Tree Method Based on the MDATA Model for Attack Tactics Recommendation


Similar Papers
  • Book Chapter
  • 10.1007/978-3-030-84383-0_12
Intelligent Recommendation Model of Distance Education Courses Based on Facial Expression Recognition
  • Jan 1, 2021
  • Ying Yang + 3 more

Aiming at the lack of individualization of current course resources in distance education, an intelligent recommendation model for distance education courses based on facial expression recognition is designed. Extract data that can represent the characteristics of the resource, such as title, subject, category, path, source, author, date, keywords, description information, etc., and represent the resource in the form of learning object metadata under the LOM specification. Use Reload Editor 2.5.5 to edit metadata and package course content. Through the establishment of learning resource model, the structure of resources is more obvious, which is convenient for resource sharing and searching. Using the modeling method of requirement tree, the user requirement model is constructed based on ontology. Based on facial expression recognition, the framework of Intelligent Recommendation Model of distance education course is built, and the intelligent recommendation model of distance education course is constructed. Through comparative experiments, it is verified that the recommendation accuracy of Intelligent Recommendation Model Based on facial expression recognition is higher than the other two recommendation models, and it has high practicability.

  • Research Article
  • Cite count: 10
  • 10.3390/app10238423
Method for Attack Tree Data Transformation and Import Into IT Risk Analysis Expert Systems
  • Nov 26, 2020
  • Applied Sciences
  • Donatas Vitkus + 3 more

Information technology (IT) security risk analysis preventatively helps organizations in identifying their vulnerable systems or internal controls. Some researchers propose expert systems (ES) as the solution for risk analysis automation since risk analysis by human experts is expensive and timely. By design, ES need a knowledge base, which must be up to date and of high quality. Manual creation of databases is also expensive and cannot ensure stable information renewal. These facts make the knowledge base automation process very important. This paper proposes a novel method of converting attack trees to a format usable by expert systems for utilizing the existing attack tree repositories in facilitating information and IT security risk analysis. The method performs attack tree translation into the Java Expert System Shell (JESS) format, by consistently applying ATTop, a software bridging tool that enables automated analysis of attack trees using a model-driven engineering approach, translating attack trees into the eXtensible Markup Language (XML) format, and using the newly developed ATES (attack trees to expert system) program, performing further XML conversion into JESS compatible format. The detailed method description, along with samples of attack tree conversion and results of conversion experiments on a significant number of attack trees, are presented and discussed. The results demonstrate the high method reliability rate and viability of attack trees as a source for the knowledge bases of expert systems used in the IT security risk analysis process.

  • Research Article
  • Cite count: 1
  • 10.3991/ijet.v14i23.11088
An Attack-Defense Tree on e-Exam System
  • Dec 6, 2019
  • International Journal of Emerging Technologies in Learning (iJET)
  • Yusep Rosmansyah + 2 more

The electronic-examination (e-exam) system is not only transforming the paper-based examination to the electronic-based examination. The e-exam system has a big security challenge that must be resolved to guarantee the trust of its users. This paper aims at analyzing security challenges of an e-exam system and proposing a solution using Attack and Defense Tree methods. The attack tree scheme was defined by risk assessment methods. The attack tree was evaluated by penetration test experiments against a server running the e-exam application. A proposed defense tree scheme against the identified attack tree was presented as the main contribution of this research. This contribution can be used as a guideline to plan similar e-exam systems and can be served as a starting point for future research towards a comprehensive attack-defense tree of the secure e-exam system.

  • Research Article
  • Cite count: 17
  • 10.1016/j.cose.2019.101630
Attribute evaluation on attack trees with incomplete information
  • Sep 30, 2019
  • Computers & Security
  • Ahto Buldas + 4 more


  • Conference Article
  • Cite count: 1
  • 10.1109/powercon.2010.5666152
Attack modeling for Electric Power Information Networks
  • Oct 1, 2010
  • Wenwu Li + 2 more

Electric Power Information Networks are the infrastructure, which not only ensures electric power system operating securely as well as stably, but also promotes power companies' effective and continuable run. Electric power dispatch systems, management information systems, customer relation systems and so on, are all built on this infrastructure. It is an important task for network administrators of electric power industry to monitor, control and manage electric power information networks. Through installing safeguards, such as firewalls, intrusion detection systems and anti-virus systems, the reliability of Electric Power Information Networks has been improved to a certain extent. However, threats also exist due to the loss of comprehensive understanding about network vulnerability. System methods should be employed to the vulnerability research of electric power information networks. Modeling Electric Power Information Network vulnerability and finding network flaws become more and more critical. A network intruder will take a series of actions to achieve a certain goal, and each action will change the state of a network. Thereby attack trees can be used to model the vulnerability of a network. An attack tree can be viewed as a directed tree where vertices represent network states and edges represent actions that lead state transitions. Root vertex is a certain goal. Any path from a leaf vertex to the root vertex is a whole attack pattern violating the security property of a network. A node of an attack tree can be decomposed as a set of attack sub-goals, either all of which must be achieved for the attack to succeed, or any one of which must be achieved for the attack to succeed. So there are two decomposition operations in an attack tree: AND and OR. Formal logic can be applied to attack analysis. Thus we can model attacks for network vulnerability analysis. This modeling method has two major advantages. At first it can be used to analyze the flaws of a network and find unknown flaws. Secondly network administrators use it to handle flaws rationally under the limits of the finite resources. Electric power information networks are generally made up of production control networks, enterprise management networks and external networks. They are connected and form a complex network. It is necessary to comprehend and analyze its vulnerability. An information network of an electric power plant is illustrated, and attack modeling is used to analyze its vulnerability. Industry control computers can manipulate electric devices. It is vital to guarantee industry control computers. Hence the goal is set to obtain the administrator right of an industry control computer. An attack tree is constructed to locate the flaws of the network. Some advice to network security administrators is given. It is an attempt to formulate the security administration of electric power information networks using attack trees. Faulty Tree Method (FTM) has been used to analyze the reliability of power systems. Attack tree can help integrate the reliability analysis of the hybrid system consisting of an electric power system and an electric power information network system.

  • Conference Article
  • Cite count: 8
  • 10.1109/csse.2008.1137
Design and Application of Penetration Attack Tree Model Oriented to Attack Resistance Test
  • Jan 1, 2008
  • Zhu Ning + 3 more

Attack model is the foundation for organizing and implementing attacks against the target system in Attack Resistance Test. By redefining the node of the attack tree model and redescribing the relation of the attack tree nodes, we build a penetration attack tree model which can describe, organize, classify, manage and schedule the attacks for Attack Resistance Test. The organization method of the penetration attack tree is designed in this paper, and an algorithm of attack serialization is put forward. We also design and realize a penetration attack system whose attack scheme is the instance of the model. In the end we present an execution example of the penetration attack system. The example shows that the penetration attack model can describe the logical relationship of the attacks detailedly and effectively, and its serialization result can provide the guidance for penetration attack.

  • Research Article
  • Cite count: 8
  • 10.3390/electronics12051238
Security Quantification of Container-Technology-Driven E-Government Systems
  • Mar 4, 2023
  • Electronics
  • Subrota Kumar Mondal + 5 more

With the rapidly increasing demands of e-government systems in smart cities, a myriad of challenges and issues are required to be addressed. Among them, security is one of the prime concerns. To this end, we analyze different e-government systems and find that an e-government system built with container-based technology is endowed with many features. In addition, overhauling the architecture of container-technology-driven e-government systems, we observe that securing an e-government system demands quantifying security issues (vulnerabilities, threats, attacks, and risks) and the related countermeasures. Notably, we find that the Attack Tree and Attack–Defense Tree methods are state-of-the-art approaches in these aspects. Consequently, in this paper, we work on quantifying the security attributes, measures, and metrics of an e-government system using Attack Trees and Attack–Defense Trees—in this context, we build a working prototype of an e-government system aligned with the United Kingdom (UK) government portal, which is in line with our research scope. In particular, we propose a novel measure to quantify the probability of attack success using a risk matrix and normal distribution. The probabilistic analysis distinguishes the attack and defense levels more intuitively in e-government systems. Moreover, it infers the importance of enhancing security in e-government systems. In particular, the analysis shows that an e-government system is fairly unsafe with a 99% probability of being subject to attacks, and even with a defense mechanism, the probability of attack lies around 97%, which directs us to pay close attention to e-government security. In sum, our implications can serve as a benchmark for evaluation for governments to determine the next steps in consolidating e-government system security.

  • Conference Article
  • Cite count: 8
  • 10.1109/ecai.2017.8166456
Studying cyber security threats to web platforms using attack tree diagrams
  • Jun 1, 2017
  • Gabriel Petrica + 4 more

Used by both information systems designers and security personnel, the Attack Tree method provides a graphical analysis of the ways in which an entity (a computer system or network, an entire organization, etc.) can be attacked and indicates the countermeasures that can be taken to prevent the attackers to reach their objective. In this paper, we built an Attack Tree focused on the goal “compromising the security of a Web platform”, considering the most common vulnerabilities of the WordPress platform identified by CVE (Common Vulnerabilities and Exposures), a global reference system for recording information regarding computer security threats. Finally, based on the likelihood of the attacks, we made a quantitative analysis of the probability that the security of the Web platform can be compromised.

  • Conference Article
  • Cite count: 3
  • 10.1109/aero55745.2023.10115903
Ground Station as a Service Reference Architectures and Cyber Security Attack Tree Analysis
  • Mar 4, 2023
  • Nicolò Boschetti + 5 more

As the Ground Station as a Service (GSaaS) paradigm transforms space infrastructure operations, new attack surface emerges for malicious actors. While the space community generally refers to GSaaS as a singular model, there are several flavors of these systems. After a description of the general GSaaS network's basic structure, this paper presents an analysis of four reference architectures of GSaaS. On the basis of this systems engineering analysis, a cybersecurity analysis of the critical nodes will be carried out through the attack tree method. Later the cybersecurity implication both of technical and strategic characteristic of GSaaS networks will be discussed and put in relation with the current state of space cyberwarfare landscape.

  • Book Chapter
  • Cite count: 6
  • 10.1007/978-3-319-27869-8_16
Using Model Driven Engineering to Support Multi-paradigms Security Analysis
  • Jan 1, 2015
  • Rouwaida Abdallah + 3 more

Nowadays, security analysis of complex systems has become a major concern. Many works have been achieved to reduce vulnerabilities in such systems. However, existing methods used to perform security assessment as a holistic approach are still poorly instrumented and limited in scope. In this work, we propose methodology and associated framework for security analysis. The methodology relies upon model-driven engineering approach and combines two types of methods: a qualitative method named EBIOS that is usually simple and helps to identify critical parts of the system; then a quantitative method, the Attack Trees method, that is more complex but gives more accurate results. We present the automatic generation of Attack trees from EBIOS analysis phase. We show on a SCADA system case study how our process can be applied. Keywords: Security, Model-driven engineering, UML profiles, EBIOS, Attack trees, Papyrus

  • Research Article
  • 10.2514/1.i011583
High-Altitude Platform Station Systems Cybersecurity Analysis
  • Apr 18, 2025
  • Journal of Aerospace Information Systems
  • Nicolò Boschetti + 2 more

This paper examines cybersecurity threats in high-altitude platform station (HAPS) systems through reference architecture and attack tree methods. Given the rising commercial and military interest in these systems to enable next-generation 6G and hybrid telecommunication architectures, the threat of cyber and electronic attacks is increasing. The study focuses on providing the complete reference architecture of an aerostatic HAPS system equipped with a hybrid free-space optical and radio frequency transponder payload to be employed as a node of a nonterrestrial network. This study investigates potential attack vectors across various subsystems by coupling the attack tree methodology with the attack surface mapping derived from the reference architecture. Recommendations for mitigating cyberthreats and a secure-by-design approach are proposed to enhance the safety of future HAPS systems.

  • Research Article
  • 10.31963/intek.v12i1.4943
Denial of Service Modeling: Time and CPU Usage Measurement on GraphQL Attacking
  • Apr 22, 2025
  • INTEK: Jurnal Penelitian
  • Debora Natalia Ginting + 2 more

GraphQL is a query language that allows clients to request specific data from an API, making it more efficient and flexible compared to traditional REST APIs. This makes applications faster and more efficient by reducing data over-fetching, combining various data sources into a single request, and supporting schema changes without disrupting the integrity of existing applications. This study focuses on security testing and exploiting Denial of Service (DoS) vulnerabilities within GraphQL APIs. As a query language that is growing in popularity, GraphQL offers flexibility in data retrieval but is also vulnerable to DoS attacks. The research centers on DoS attacks using various exploitation techniques such as Circular Queries, Field Duplication, Alias Overloading, and Object Limit Overriding. Testing was conducted using the Kali Linux operating system and testing applications such as Altair and DVGA, employing the Threat Modeling Attack Tree method. The results of the testing show that the Field Duplication attack is the most effective, with the fastest execution time and relatively high CPU usage (2.5 seconds/88.5% reduced to 1.86 seconds/75.50%), while the lowest risk was found in Alias Overloading (1412.05 seconds/99% reduced to 691.29 seconds/93%). Although Alias Overloading posed the lowest risk, it still resulted in high CPU usage, burdening the server significantly. This study provides an understanding of the importance of testing and strengthening API security to prevent DoS attacks. Keywords— API GraphQL, Attack Tree, Denial of Service, exploitation, Cpu, Time

  • Conference Article
  • Cite count: 33
  • 10.1109/cit.2010.185
Augmented Attack Tree Modeling of Distributed Denial of Services and Tree Based Attack Detection Method
  • Jun 1, 2010
  • Jie Wang + 3 more

Distributed Denial of Service (DDoS) is a serious computer network attack which can cause extreme performance degradation on the victim server. This paper presents a formal and methodical way of modeling DDoS attack by the method of Augmented Attack Tree (AAT), and presents an AAT-based attack detection algorithm. This modeling explicitly captures the particular subtle incidents triggered by DDoS and the corresponding state transitions from the view of the network traffic transmission on the primary victim server. Two major contributions are given in this paper: (1) an AAT-based DDoS model (ADDoSAT) is developed to assess the potential threat from the malicious packets transmission on the primary victim server and to facilitate the detection of such attacks; (2) an AAT-based bottom-up detection algorithm is proposed to detect all kinds of attacks based on AAT modeling.

  • Conference Article
  • Cite count: 11
  • 10.1109/ubicomm.2008.32
An Enumeration of RFID Related Threats
  • Sep 1, 2008
  • Thomas Schaberreiter + 4 more

In this paper we present a holistic view on RFID security using logical entities that most RFID applications will use. Starting from an abstract model of an RFID-System we propose a generalized threat model for RFID-Systems based on the classical terms of information security: Confidentiality, Availability and Integrity. We use the method of attack trees for a listing of threats that apply to RFID-Systems. The key benefit is that this threat model enables a systematic analysis of a specific RFID-System's security and it allows to compare the security of RFID-Systems. By analyzing this threat listing we show that all parts of an RFID System are vulnerable to attacks and a single weak point in the system can breach information security.

  • Research Article
  • Cite count: 22
  • 10.3389/fpsyg.2022.770637
Learning Performance in Adaptive Learning Systems: A Case Study of Web Programming Learning Recommendations.
  • Jan 28, 2022
  • Frontiers in Psychology
  • Hsiao-Chi Ling + 1 more

Students often face challenges while learning computer programming because programming languages’ logic and visual presentations differ from human thought processes. If the course content does not closely match learners’ skill level, the learner cannot follow the learning process, resulting in frustration, low learning motivation, or abandonment. This research proposes a web programming learning recommendation system to provide students with personalized guidance and step-by-step learning planning. The system contains front-end and back-end web development instructions. It can create personalized learning paths to help learners achieve a sense of accomplishment. The system can help learners build self-confidence and improve learning effectiveness. In study 1, the recommendation system was developed based on the personal data and feedback of 41 professional web design engineers. The system uses C4.5 decision tree methods to develop a programming learning recommendation model to provide appropriate learning recommendations and establish personalized learning paths. The test group included 13 beginner programmers. After 4 weeks’ programming instructions in front-end and back-end web development, the learners were interviewed to understand their preferences and learning effectiveness. The results show that the effectiveness of the recommendation system is acceptable. In study 2, online real-time feedback and adaptive instruction platform is developed, which is different from the past adaptive curriculums mainly using the Internet platform and only the submitted assignments to determine the newly recommended learning process for students. The study found that the students’ learning performance in the adaptive instruction group is better than those in the fixed instruction group.
