Abstract
Attack graphs and attack trees are a popular method of mathematically and visually representing the sequence of events that lead to a successful cyber-attack. Despite their popularity, there is no standardised attack graph or attack tree visual syntax configuration,and more than seventy self-nominated attack graph and twenty attack tree configurations have been described in the literature – each of which presents attributes such as preconditions and exploits in a different way. This research proposes a practitioner-preferred attack graph visual syntax configuration which can be used to effectively present cyber-attacks.Comprehensive data on participant (n=212) preferences was obtained through a choice based conjoint design in which participants scored attack graph configuration based on their visual syntax preferences. Data was obtained from multiple participant groups, which included lecturers, students and industry practitioners with cyber-security specific or general computer science backgrounds.The overall analysis recommends a winning representation with the following attributes. The flow of events is represented top-down as in a flow diagram – as opposed to a fault tree or attack tree where it is presented bottom-up, preconditions – the conditions required for a successful exploit, are represented as ellipses and exploits are represented as rectangles. These results were consistent across the multiple groups and across scenarios which differed according to their attack complexity. The research tested a number of bottom-up approaches – similar to that used in attack trees. The bottom-up designs received the lowest practitioner preference score indicating that attack trees – which also utilise the bottom-up method, are not a preferred design amongst practitioners – when presented with an alternative top-down design. Practitioner preferences are important for any method or framework to become accepted, and this is the first time that an attack modelling technique has been developed and tested for practitioner preferences.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.