Attack modelling and security evaluation based on stochastic activity networks

Abstract

An appropriate model of attacker behaviour is a key requirement for quantitative security evaluation. Motivated by the fact that attacker behaviour is affected by some social factors such as monetary costs and benefits rather than merely the technical aspects of the target system, we proposed an attack modelling approach based on a hierarchical and coloured extension of stochastic activity networks HCSANs. This approach is called HCSAN-based attack modelling. By using this approach, multistage attacks can be modelled following the attack tree paradigm. Also, attacker behaviour can be modelled as a strategic decision-making process that accounts for the following factors affecting the attacker's decisions: 1 the goals of attack; 2 the cost and risk associated with available strategies; and 3 the target system's possible responses. Furthermore, we put forward an analytic solution method to measure security attributes i.e. confidentiality, integrity and availability and estimated two important quantitative security measures, which are the mean time to security failure and attack success probability. Additionally, we introduce a parametric sensitivity analysis method, which can be used to determine the sensitivity of the evaluated measures to different model parameters and optimize the model accordingly. Finally, we demonstrated how this approach can be used for survivability enhancement of the system using a well-known risk assessment process. Copyright © 2013 John Wiley & Sons, Ltd.