The Library
Evaluating practitioner cyber-security attack graph configuration preferences
Tools
Tools
Tools
Lallie, Harjinder Singh, Debattista, Kurt and Bal, Jay (2018) Evaluating practitioner cyber-security attack graph configuration preferences. Computers & Security, 79 . pp. 117-131. doi:10.1016/j.cose.2018.08.005
|
PDF
WRAP-evaluating-practitioner-cyber-security-graph-Lallie-2018.pdf - Accepted Version - Requires a PDF viewer. Available under License Creative Commons Attribution Non-commercial No Derivatives 4.0. Download (897Kb) | Preview |
Official URL: http://dx.doi.org/10.1016/j.cose.2018.08.005
Abstract
Attack graphs and attack trees are a popular method of mathematically and visually rep- resenting the sequence of events that lead to a successful cyber-attack. Despite their popularity, there is no standardised attack graph or attack tree visual syntax configuration, and more than seventy self-nominated attack graph and twenty attack tree configurations have been described in the literature - each of which presents attributes such as preconditions and exploits in a different way. This research proposes a practitioner-preferred attack graph visual syntax configuration which can be used to effectively present cyber-attacks.
Comprehensive data on participant ( n=212 ) preferences was obtained through a choice based conjoint design in which participants scored attack graph configuration based on their visual syntax preferences. Data was obtained from multiple participant groups which included lecturers, students and industry practitioners with cyber-security specific or general computer science backgrounds.
The overall analysis recommends a winning representation with the following attributes. The flow of events is represented top-down as in a flow diagram - as opposed to a fault tree or attack tree where it is presented bottom-up, preconditions - the conditions required for a successful exploit, are represented as ellipses and exploits are represented as rectangles. These results were consistent across the multiple groups and across scenarios which differed according to their attack complexity. The research tested a number of bottom-up approaches - similar to that used in attack trees. The bottom-up designs received the lowest practitioner preference score indicating that attack trees - which also utilise the bottom-up method, are not a preferred design amongst practitioners - when presented with an alternative top-down design. Practitioner preferences are important for any method or framework to become accepted, and this is the first time that an attack modelling technique has been developed and tested for practitioner preferences.
| Item Type: | Journal Article | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Subjects: | H Social Sciences > HV Social pathology. Social and public welfare Q Science > QA Mathematics > QA76 Electronic computers. Computer science. Computer software |
||||||||
| Divisions: | Faculty of Science > WMG (Formerly the Warwick Manufacturing Group) | ||||||||
| Library of Congress Subject Headings (LCSH): | Computer security, Cyberterrorism -- Prevention -- Mathematical models | ||||||||
| Journal or Publication Title: | Computers & Security | ||||||||
| Publisher: | Elsevier Advanced Technology | ||||||||
| ISSN: | 0167-4048 | ||||||||
| Official Date: | November 2018 | ||||||||
| Dates: |
|
||||||||
| Date of first compliant deposit: | 8 November 2018 | ||||||||
| Volume: | 79 | ||||||||
| Page Range: | pp. 117-131 | ||||||||
| DOI: | 10.1016/j.cose.2018.08.005 | ||||||||
| Status: | Peer Reviewed | ||||||||
| Publication Status: | Published | ||||||||
| Access rights to Published version: | Restricted or Subscription Access |
Request changes or add full text files to a record
Repository staff actions (login required)
 |
View Item |
Downloads
Downloads per month over past year
