Modelling Duqu 2.0 Malware using Attack Trees with Sequential Conjunction

  • Peter Maynard, Kieran McLaughlin, Sakir Sezer
In this paper we identify requirements for choosing a threat modelling formalisation for modelling sophisticated malware such as Duqu 2.0. We discuss the gaps in current formalisations and propose the use of Attack Trees with Sequential Conjunction for analysing complex attacks. The paper models Duqu 2.0 based on the latest information sourced from formal and informal sources. This paper provides a well-structured model which can be used for future analysis of Duqu 2.0 and related…
Models of Reliability of Fault-Tolerant Software Under Cyber-Attacks
  • P. Popov
  • Computer Science
  • 2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE)
  • 2017
It is demonstrated that the effect of attacks on reliability of diverse software significantly depends on the adversary model, and the importance of using an adequate adversary model in the assessment of how effective various cyber-security controls are.
Interplay Between Malware Epidemics and Honeynet Potency in Industrial Control System Network
A novel honeynet-based epidemic model with immunization and quarantine in an ICS network is formulated to explore the dynamics of malware propagation; the honeynet potency is analyzed, and the local and global stability of the disease-free and endemic equilibria are examined.
A propagation model with defensive measures for PLC-PC worms in industrial networks
For the first time, a propagation model is proposed to explore the spread behavior of PLC-PC worms across the PLC-PC coupled network with defensive measures, and some ideas for restraining the spread and reducing the security threats to the ICS network are suggested.
Big Fish, Little Fish, Critical Infrastructure: An Analysis of Phineas Fisher and the ‘Hacktivist’ Threat to Critical Infrastructure
  • P. Maynard, K. McLaughlin
  • Computer Science, Business
  • 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA)
  • 2020
A model of a well-known hacktivist who goes under the pseudonym of Phineas Fisher is created, and seven essential mitigations which can be deployed by critical infrastructure operators and asset owners to prevent such intrusions by hacktivists are identified.
Quantitative Evaluation of the Efficacy of Defence-in-Depth in Critical Infrastructures
This chapter reports on a model-based approach to assessing cyber-risks in a cyber-physical system (CPS), such as power-transmission systems. We demonstrate that quantitative cyber-risk assessment, …
Resilience of Cyber-Physical Systems
  • Francesco Flammini
  • Computer Science
  • Advanced Sciences and Technologies for Security Applications
  • 2019
This book addresses the latest approaches to holistic Cyber-Physical System resilience in real-world industrial applications with a focus on cloud-based CPSs.
Risk Framework for Bitcoin Custody Operation with the Revault Protocol
This work presents a risk model in the form of a library of attack trees for Revault – an open-source custody protocol – that can be used by organisations as a risk quantification framework for a thorough security analysis in their specific deployment context.

Attack Trees
  • R. Ellison
  • Computer Science
  • Encyclopedia of Biometrics
  • 2009
Attack trees provide a formal, methodical way of describing the security of systems, based on varying attacks, that captures attacks that are sequences of events, but may not be appropriate for attacks that involve concurrent actions.
Security Modeling with BDMP: From Theory to Implementation
This paper discusses the implementation and use of the BDMP (Boolean logic Driven Markov Processes) formalism, recently adapted to graphical attack modeling, and finds that attack sequence filtering based on attacker profiles and sensitivity analysis provide a significant help.
Attack Trees with Sequential Conjunction
This work provides the first formal foundation of SAND attack trees, which are a popular extension of the well-known attack trees, by introducing the sequential conjunctive operator that enables the modeling of ordered events.
Towards Synthesis of Attack Trees for Supporting Computer-Aided Risk Analysis
This paper describes the tooling support, formal foundations as well as automated techniques to synthesize attack trees from a high-level description of a system, and identifies open challenges for supporting the analysis of risks.
Modeling the Stuxnet attack with BDMP: Towards more formal risk assessments
This paper proposes to model the Stuxnet attack with the BDMP (Boolean logic Driven Markov Processes) formalism and highlights the advantages of BDMP compared to attack trees often used in security assessment.
Attack and Defense Modeling with BDMP
BDMP detection and reaction modeling are fully integrated in an augmented theoretical framework and new developments on defensive aspects are presented.
The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems
Protocol standards, particularly those for critical control systems in the petroleum and power industry, have traditionally been designed to address a specific application with little regard for …
Time-Dependent Analysis of Attacks
This paper presents an efficient technique to analyze attack times for an extension of the prominent formalism of attack trees by an elegant calculus of acyclic phase type distributions together with an effective compositional compression technique.
Modeling cyber-attack for SCADA systems using CoPNet approach
A Colored Petri Net (CoPNet) modeling approach is proposed by extending attack trees with new modeling constructs and analysis approaches; it is flexible enough to model Internet intrusion, including the static and dynamic features of the intrusion.
A new formalism that combines advantages of fault-trees and Markov models: Boolean logic driven Markov processes
A modeling formalism is presented that enables the analyst to combine concepts inherited from fault trees and Markov models in a new way, Boolean logic Driven Markov Processes (BDMP), which allows the definition of complex dynamic models while remaining nearly as readable and easy to build as fault trees.