University of Warwick
Publications service & WRAP

Evaluating practitioner cyber-security attack graph configuration preferences


Lallie, Harjinder Singh, Debattista, Kurt and Bal, Jay (2018) Evaluating practitioner cyber-security attack graph configuration preferences. Computers & Security, 79 . pp. 117-131. doi:10.1016/j.cose.2018.08.005

WRAP-evaluating-practitioner-cyber-security-graph-Lallie-2018.pdf - Accepted Version - Requires a PDF viewer.
Available under License Creative Commons Attribution Non-commercial No Derivatives 4.0.

Official URL: http://dx.doi.org/10.1016/j.cose.2018.08.005


Abstract

Attack graphs and attack trees are a popular method of mathematically and visually representing the sequence of events that lead to a successful cyber-attack. Despite their popularity, there is no standardised attack graph or attack tree visual syntax configuration, and more than seventy self-nominated attack graph and twenty attack tree configurations have been described in the literature - each of which presents attributes such as preconditions and exploits in a different way. This research proposes a practitioner-preferred attack graph visual syntax configuration which can be used to effectively present cyber-attacks.

Comprehensive data on participant (n=212) preferences was obtained through a choice based conjoint design in which participants scored attack graph configuration based on their visual syntax preferences. Data was obtained from multiple participant groups which included lecturers, students and industry practitioners with cyber-security specific or general computer science backgrounds.

The overall analysis recommends a winning representation with the following attributes. The flow of events is represented top-down as in a flow diagram - as opposed to a fault tree or attack tree where it is presented bottom-up, preconditions - the conditions required for a successful exploit, are represented as ellipses and exploits are represented as rectangles. These results were consistent across the multiple groups and across scenarios which differed according to their attack complexity. The research tested a number of bottom-up approaches - similar to that used in attack trees. The bottom-up designs received the lowest practitioner preference score indicating that attack trees - which also utilise the bottom-up method, are not a preferred design amongst practitioners - when presented with an alternative top-down design. Practitioner preferences are important for any method or framework to become accepted, and this is the first time that an attack modelling technique has been developed and tested for practitioner preferences.

Item Type: Journal Article
Subjects: H Social Sciences > HV Social pathology. Social and public welfare
Q Science > QA Mathematics > QA76 Electronic computers. Computer science. Computer software
Divisions: Faculty of Science, Engineering and Medicine > Engineering > WMG (Formerly the Warwick Manufacturing Group)
Library of Congress Subject Headings (LCSH): Computer security, Cyberterrorism -- Prevention -- Mathematical models
Journal or Publication Title: Computers & Security
Publisher: Elsevier Advanced Technology
ISSN: 0167-4048
Official Date: November 2018
Dates:
  Date | Event
  November 2018 | Published
  4 September 2018 | Available
  15 August 2018 | Accepted
Volume: 79
Page Range: pp. 117-131
DOI: 10.1016/j.cose.2018.08.005
Status: Peer Reviewed
Publication Status: Published
Access rights to Published version: Restricted or Subscription Access
