Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction
@inproceedings{Maynard2016ModellingD2,
  title     = {Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction},
  author    = {Peter Maynard and Kieran McLaughlin and Sakir Sezer},
  booktitle = {ICISSP},
  year      = {2016}
}
In this paper we identify requirements for choosing a threat modelling formalisation for modelling sophisticated malware such as Duqu 2.0. We discuss the gaps in current formalisations and propose the use of Attack Trees with Sequential Conjunction when it comes to analysing complex attacks. The paper models Duqu 2.0 based on the latest information sourced from formal and informal sources. This paper provides a well structured model which can be used for future analysis of Duqu 2.0 and related…
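The abstract argues that plain AND nodes cannot express the ordering that a multi-stage intrusion depends on, and that the sequential conjunction (SAND) operator fixes this. The following added example (written for this page, not code from the paper or from the SAND attack-tree authors) makes the difference concrete: it implements OR, AND and SAND node semantics and evaluates a tree against an ordered trace of observed attacker actions, returning the trace position at which the goal is first achieved. The tree shape and the action names (`phish_open`, `priv_esc`, and so on) are constructed for illustration and are not the paper's Duqu 2.0 model; the traces are constructed sample data.

```python
"""SAND attack-tree evaluation against an ordered event trace.

Added example, not code from Maynard et al. or from the SAND attack-tree
paper. Tree, action names and traces are constructed for illustration and
are not the paper's Duqu 2.0 model.
"""
from dataclasses import dataclass
from typing import List, Optional, Union


@dataclass
class Leaf:
    action: str          # a single attacker action, matched by name in the trace


@dataclass
class Node:
    op: str              # "OR", "AND" or "SAND"
    children: List["Tree"]


Tree = Union[Leaf, Node]


def OR(*children: Tree) -> Node:
    return Node("OR", list(children))


def AND(*children: Tree) -> Node:
    return Node("AND", list(children))


def SAND(*children: Tree) -> Node:
    return Node("SAND", list(children))


def earliest(tree: Tree, trace: List[str], start: int = 0) -> Optional[int]:
    """Earliest trace index at which `tree` is achieved using only events at
    positions >= start, or None if the trace does not achieve it.

    OR   : the first child to complete.
    AND  : every child must complete; interleaving is allowed, so the
           sub-goal completes when the slowest child does.
    SAND : children must complete strictly in order; each child may only
           use events that occur after the previous child's completion.
    Taking the earliest completion at every step is optimal here, because an
    earlier completion never removes options from a later child.
    """
    if isinstance(tree, Leaf):
        for i in range(start, len(trace)):
            if trace[i] == tree.action:
                return i
        return None
    if not tree.children:
        raise ValueError("refinement nodes need at least one child")
    if tree.op == "OR":
        done = [t for t in (earliest(c, trace, start) for c in tree.children) if t is not None]
        return min(done) if done else None
    if tree.op == "AND":
        done = [earliest(c, trace, start) for c in tree.children]
        return None if any(t is None for t in done) else max(done)
    if tree.op == "SAND":
        pos, last = start, None
        for child in tree.children:
            last = earliest(child, trace, pos)
            if last is None:
                return None
            pos = last + 1       # next stage must start after this one completed
        return last
    raise ValueError(f"unknown operator {tree.op!r}")


def achieved(tree: Tree, trace: List[str]) -> bool:
    return earliest(tree, trace) is not None


def relax_sand(tree: Tree) -> Tree:
    """Rewrite every SAND as a plain AND, i.e. the tree an ordinary attack
    tree would have to use. Used below to show what ordering information
    is lost."""
    if isinstance(tree, Leaf):
        return tree
    return Node("AND" if tree.op == "SAND" else tree.op,
                [relax_sand(c) for c in tree.children])


# Constructed illustrative tree: a generic staged intrusion, not Duqu 2.0 specifics.
INTRUSION = SAND(
    OR(Leaf("phish_open"), Leaf("vpn_cred_reuse")),   # gain a foothold either way
    Leaf("priv_esc"),                                  # then escalate
    AND(Leaf("cred_theft"), Leaf("lateral_move")),     # then both, any order
    Leaf("exfil"),                                     # finally exfiltrate
)

# Constructed sample traces (event names as a detection pipeline might emit them).
ORDERED_TRACE = ["phish_open", "priv_esc", "lateral_move", "cred_theft", "exfil"]
OUT_OF_ORDER_TRACE = ["exfil", "priv_esc", "phish_open", "lateral_move", "cred_theft"]

if __name__ == "__main__":
    print("SAND tree, ordered trace   :", earliest(INTRUSION, ORDERED_TRACE))
    print("SAND tree, shuffled trace  :", earliest(INTRUSION, OUT_OF_ORDER_TRACE))
    print("AND-only tree, shuffled    :", earliest(relax_sand(INTRUSION), OUT_OF_ORDER_TRACE))
```

The shuffled trace contains every action the goal needs, so an AND-only tree reports the goal as achieved; the SAND tree correctly rejects it, because exfiltration appears before the foothold and escalation that must precede it. That is the gap in ordinary attack trees that the paper's choice of formalism is meant to close, and the same check is what a detection engineer would run to decide whether a set of alerts actually forms a complete kill chain.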
7 Citations
Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks
- 2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE), 2017
It is demonstrated that the effect of attacks on the reliability of diverse software depends significantly on the adversary model, which underlines the importance of using an adequate adversary model when assessing how effective various cyber-security controls are.
Interplay Between Malware Epidemics and Honeynet Potency in Industrial Control System Network
- IEEE Access, 2020
A novel honeynet-based epidemic model with immunization and quarantine in an ICS network is formulated to explore the dynamics of malware propagation; the honeynet potency is analysed, and the local and global stability of the disease-free and endemic equilibria are examined.
A propagation model with defensive measures for PLC-PC worms in industrial networks
- Applied Mathematical Modelling, 2019
Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the ‘Hacktivist’ Threat to Critical Infrastructure
- 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA), 2020
A model of a well-known hacktivist who goes under the pseudonym Phineas Fisher is created, and seven essential mitigations which critical infrastructure operators and asset owners can deploy to prevent such intrusions by hacktivists are identified.
Quantitative Evaluation of the Efficacy of Defence-in-Depth in Critical Infrastructures
- Resilience of Cyber-Physical Systems, 2019
This chapter reports on a model-based approach to assessing cyber-risks in a cyber-physical system (CPS), such as power-transmission systems. We demonstrate that quantitative cyber-risk assessment,…
Resilience of Cyber-Physical Systems
- Advanced Sciences and Technologies for Security Applications, 2019
This book addresses the latest approaches to holistic Cyber-Physical System resilience in real-world industrial applications with a focus on cloud-based CPSs.
Risk Framework for Bitcoin Custody Operation with the Revault Protocol
- Financial Cryptography Workshops, 2021
This work presents a risk model in the form of a library of attack trees for Revault, an open-source custody protocol; organisations can use it as a risk quantification framework for a thorough security analysis in their specific deployment context.
References
SHOWING 1-10 OF 16 REFERENCES
Attack Trees
- Encyclopedia of Biometrics, 2009
Attack trees provide a formal, methodical way of describing the security of systems in terms of the attacks against them; they capture attacks that are sequences of events, but may not be appropriate for attacks that involve concurrent actions.
Security Modeling with BDMP: From Theory to Implementation
- 2011 Conference on Network and Information Systems Security, 2011
This paper discusses the implementation and use of the BDMP (Boolean logic Driven Markov Processes) formalism, recently adapted to graphical attack modeling, and finds that attack sequence filtering based on attacker profiles and sensitivity analysis provide a significant help.
Attack Trees with Sequential Conjunction
- SEC, 2015
This work provides the first formal foundation of SAND attack trees, a popular extension of the well-known attack trees that introduces the sequential conjunctive operator and thereby enables the modelling of ordered events.
Towards Synthesis of Attack Trees for Supporting Computer-Aided Risk Analysis
- SEFM Workshops, 2014
This paper describes the tooling support, formal foundations as well as automated techniques to synthesize attack trees from a high-level description of a system, and identifies open challenges for supporting the analysis of risks.
Modeling the Stuxnet attack with BDMP: Towards more formal risk assessments
- 2012 7th International Conference on Risks and Security of Internet and Systems (CRiSIS), 2012
This paper proposes to model the Stuxnet attack with BDMP (Boolean logic Driven Markov Processes) formalism and highlights the advantages of BDMP compared to attack trees often used in security assessment.
Attack and Defense Modeling with BDMP
- MMM-ACNS, 2010
BDMP detection and reaction modelling are fully integrated into an augmented theoretical framework, and new developments on the defensive aspects are presented.
The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems
- 2004
The authors identify eleven possible attacker goals and the security vulnerabilities inherent in both the specification and typical deployments of SCADA systems, and suggest possible best practices for SCADA operators and improvements to the MODBUS standard.
Time-Dependent Analysis of Attacks
- POST, 2014
This paper presents an efficient technique for analysing attack times in an extension of the prominent attack-tree formalism, using a calculus of acyclic phase-type distributions together with an effective compositional compression technique.
Modeling cyber-attack for SCADA systems using CoPNet approach
- 2012 IEEE International Conference on Complex Systems (ICCS), 2012
A Colored Petri Net (CoPNet) modelling approach is proposed that extends attack trees with new modelling constructs and analysis approaches; it is flexible enough to model Internet intrusions, including both the static and the dynamic features of an intrusion.
A new formalism that combines advantages of fault-trees and Markov models: Boolean logic driven Markov processes
- Reliability Engineering & System Safety, 2003