Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction

  title={Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction},
  author={Peter Maynard and Kieran McLaughlin and Sakir Sezer},
In this paper we identify requirements for choosing a threat modelling formalisation for modelling sophisticated malware such as Duqu 2.0. We discuss the gaps in current formalisations and propose the use of Attack Trees with Sequential Conjunction when it comes to analysing complex attacks. The paper models Duqu 2.0 based on the latest information sourced from formal and informal sources. This paper provides a well structured model which can be used for future analysis of Duqu 2.0 and related… 

Figures from this paper

Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks
  • P. Popov
  • Computer Science, Engineering
    2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE)
  • 2017
It is demonstrated that the effect of attacks on reliability of diverse software significantly depends on the adversary model, and the importance of using an adequate adversary model in the assessment of how effective various cyber-security controls are.
Interplay Between Malware Epidemics and Honeynet Potency in Industrial Control System Network
A novel honeynet-based epidemic model with immunization and quarantine in ICS network is formulated to explore the dynamics of the malware propagation, and the honeynet potency is analyzed as well as the local and global stability of the disease-free and endemic equilibrium are examined.
Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the ‘Hacktivist’ Threat to Critical Infrastructure
  • P. Maynard, K. McLaughlin
  • Computer Science
    2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
  • 2020
A model of a well known hacktivist who goes under the pseudonym of Phineas Fisher is created, and seven essential mitigations which can be deployed by critical infrastructure operations and asset owners, to prevent such intrusions by hacktivists are identified.
Quantitative Evaluation of the Efficacy of Defence-in-Depth in Critical Infrastructures
This chapter reports on a model-based approach to assessing cyber-risks in a cyber-physical system (CPS), such as power-transmission systems. We demonstrate that quantitative cyber-risk assessment,
Resilience of Cyber-Physical Systems
  • Francesco Flammini
  • Computer Science
    Advanced Sciences and Technologies for Security Applications
  • 2019
This book addresses the latest approaches to holistic Cyber-Physical System resilience in real-world industrial applications with a focus on cloud-based CPSs.
Risk Framework for Bitcoin Custody Operation with the Revault Protocol
This work presents a risk model in the form of a library of attack-trees for Revault – an open-source custody protocol that can be used by organisations as a risk quantification framework for a thorough security analysis in their specific deployment context.


Attack Trees
  • R. Ellison
  • Computer Science, Mathematics
    Encyclopedia of Biometrics
  • 2009
Attack trees provide a formal, methodical way of describing the security of systems, based on varying attacks, that captures attacks that are sequence events, but may not be appropriate for attacks that involve concurrent actions.
Security Modeling with BDMP: From Theory to Implementation
This paper discusses the implementation and use of the BDMP (Boolean logic Driven Markov Processes) formalism, recently adapted to graphical attack modeling, and finds that attack sequence filtering based on attacker profiles and sensitivity analysis provide a significant help.
Attack Trees with Sequential Conjunction
This work provides the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees by introducing the sequential conjunctive operator that enables the modeling of ordered events.
Towards Synthesis of Attack Trees for Supporting Computer-Aided Risk Analysis
This paper describes the tooling support, formal foundations as well as automated techniques to synthesize attack trees from a high-level description of a system, and identifies open challenges for supporting the analysis of risks.
Modeling the Stuxnet attack with BDMP: Towards more formal risk assessments
This paper proposes to model the Stuxnet attack with BDMP (Boolean logic Driven Markov Processes) formalism and highlights the advantages of BDMP compared to attack trees often used in security assessment.
Attack and Defense Modeling with BDMP
BDMP detection and reaction modeling are fully integrated in an augmented theoretical framework and new developments on defensive aspects are presented.
The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems
The authors identify eleven possible attacker goals and identify security vulnerabilities inherent in both the specification and in typical deployments of SCADA systems to suggest possible best practices for SCADA operators and improvement to the MODBUS standard.
Time-Dependent Analysis of Attacks
This paper presents an efficient technique to analyze attack times for an extension of the prominent formalism of attack trees by an elegant calculus of acyclic phase type distributions together with an effective compositional compression technique.
Modeling cyber-attack for SCADA systems using CoPNet approach
Colored Petri Net (CoPNet) modeling approach is proposed by extending the attack trees with new modeling constructs and analysis approaches, which is flexible enough to model Internet intrusion, including the static and dynamic features of the intrusion.