PENET: A practical method and tool for integrated modeling of security attacks and countermeasures

Abstract

With the rise of cyber attack activities in the recent years, research in this area has gained immense emphasis. One of such research efforts is modeling of cyber attacks and countermeasures. In this context, several modeling approaches have been developed, such as approaches based on attack trees and on various stochastic tools. Attack tree model is one of the most intuitive and widely used tool. Although its simple design possesses various strengths, some unaddressed weaknesses such as imprecise analysis, limited modeling capabilities, and static nature plague its full potential. We propose a new modeling approach, called PENET, by extending the attack trees with new modeling constructs and analysis approaches. We add dynamic constructs for modeling dynamic behavior of system, arrival constructs that model periodic nature of attacks based on their cost, and defense constructs that model reparability of an insecure system. Petri Net Attack Modeling (PENET) approach has ability to convert and enhance existing attack trees with finer parameters, dynamic constructs, Petri net representation power, and intuitive time-domain analysis. We show how attack trees can be converted and analyzed in Petri net domain. We provide algorithm for time-domain analysis of PENET model, and performance metrics that are used to quantitatively describe survivability of a vulnerable system and effectiveness of attacker and victim's efforts. Next, we introduce PENET Tool as a practical software implementation of our approach. Finally, we provide a case study that illustrates the PENET approach. Security, dependability evaluation, security evaluation, performability evaluation, stochastic modeling.