Attack trees were introduced by Bruce Schneier in 1999 as a methodical, graphical way to analyze the attacks possible against a system. Since their introduction, attack trees have been used in many ways by security researchers. I personally love their simplicity and comprehensiveness.
In this blog post, I will talk about a few real-life applications of attack trees.
Discover Multi Step Attacks in Computer Networks
Computer networks are growing more complex day by day, and every organization serious about security deploys multiple layers of defense. As a result, an attacker needs to perform a multi-step attack to reach a goal, say compromising a database server. A multi-step attack is defined as a sequence of exploits that leads to a goal.
Attack trees are a valuable tool for security researchers to discover the multi-step attacks that are possible in a computer network.
Computing Metrics related to Defensive Measures
Once an attack tree is created, various qualitative and quantitative metrics can be computed to provide deep insight into the overall security of a network. Some of these metrics include:
- Probability of attack
- Rate and distribution of time to attack
- Mincut, i.e. the least-cost set of countermeasures that protects a set of critical assets
- Probability of detecting an attack and of the respective mitigation events
- Adversary's viewpoint:
  - Attack cost (attacker)
  - Return on attack (ROA)
- Defender's viewpoint:
  - Attack impact (goal)
  - Security cost
  - Return on investment (ROI)
Some other qualitative questions can also be answered from the analysis of an attack tree, including:
- Is an attack possible at all?
- Show all attacks that do not require special skills or tools.
- Which attacks on my network would cause damage of over 50k dollars?
- What-if analysis, i.e. simulating various attack scenarios by changing the adversary's and the defender's positions in the network.
Vulnerability Analysis of Complex Systems
Attack trees have been used to analyze and discover security vulnerabilities in various complex systems, including SCADA networks, biometric systems and GSM radio networks.
- SCADA Networks: Supervisory Control and Data Acquisition (SCADA) protocols are communication protocols designed for the exchange of control messages on industrial networks. In research published by Eric J. Byres, the author identifies eleven possible attacker goals and also identifies security vulnerabilities inherent both in the specification and in typical deployments of SCADA systems.
- Biometric Systems: In research by Denis Speicher, the author describes how attack trees can be used to model the "gummy finger" attack and replay attacks in great detail, and suggests a quantitative value, in terms of cost, for various countermeasures.
- GSM Radio Networks: In research by Jonathan Cederberg and co-authors, the authors analyze attacks on a GSM radio network using a 323-node attack tree to answer questions such as:
  - Is it really possible to attack the network?
  - What is the minimum cost of performing an attack?
  - What is the minimum skill level required for an attack?
Adaptive Intrusion Detection Systems (IDS)
The primary challenges of intrusion detection systems today are:
- A low detection rate (DR).
- Detection rates that vary inconsistently across attack types.
- A high rate of false positives (FP).
Even in the area of intrusion detection, attack trees are valuable. In one research paper, the authors show that an attack-tree-based approach improves on current intrusion detection systems by increasing the detection rate (DR) and reducing false positives.
Creating Defense Trees or Attack Countermeasure Trees (ACT)
Once an attack tree is created, additional nodes can be added to it as countermeasures that eliminate or reduce the possibility of attacks. Attack trees with countermeasures are generally called Defense Trees or Attack Countermeasure Trees (ACT).
An ACT is a valuable tool for defenders to analyze various attacks and their possible defenses, and to find optimized, low-cost defensive measures.
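As an added example (not code from the blog or from any of the cited papers), the following Python computes several of the metrics listed above on a small attack tree: minimum attack cost, the cheapest attack that needs no special skills or tools, probability of attack, and, once ACT countermeasure nodes are attached, security cost and defender ROI. The tree, its costs, probabilities and countermeasure values are constructed for illustration.

```python
from dataclasses import dataclass, field
import math
# Constructed example, not from the blog: attacker goal "read customer database".
# Leaves carry attacker cost (USD), success probability and a special-skills flag;
# any node may carry an ACT countermeasure (defender cost, blocking probability).
@dataclass
class Node:
    name: str
    gate: str = "LEAF"            # "AND", "OR" or "LEAF"
    cost: float = 0.0             # attacker cost of this leaf
    prob: float = 1.0             # probability this leaf succeeds
    special: bool = False         # needs special skills or tools
    children: list = field(default_factory=list)
    cm_cost: float = 0.0          # countermeasure (defender) cost, 0 = none
    cm_eff: float = 0.0           # probability the countermeasure stops the attack

def min_attack_cost(n, allow_special=True):
    """Minimum attacker spend to reach the goal; inf means not possible."""
    if n.gate == "LEAF":
        return n.cost if allow_special or not n.special else math.inf
    costs = [min_attack_cost(c, allow_special) for c in n.children]
    return sum(costs) if n.gate == "AND" else min(costs)

def attack_prob(n, with_cm=False):
    """Success probability: AND multiplies, OR is 1 - prod(1 - p_i)."""
    if n.gate == "LEAF":
        p = n.prob
    elif n.gate == "AND":
        p = math.prod(attack_prob(c, with_cm) for c in n.children)
    else:
        p = 1 - math.prod(1 - attack_prob(c, with_cm) for c in n.children)
    return p * (1 - n.cm_eff) if with_cm else p

def security_cost(n):
    return n.cm_cost + sum(security_cost(c) for c in n.children)
def defense_roi(root, impact):
    """Defender ROI: expected-loss reduction per dollar spent on countermeasures."""
    reduction = (attack_prob(root) - attack_prob(root, True)) * impact
    spent = security_cost(root)
    return reduction / spent if spent else 0.0

# Goal = OR(phish admin with custom implant, AND(exploit VPN, crack DB password))
TREE = Node("read customer DB", "OR", children=[
    Node("phish DB admin", cost=500, prob=0.3, special=True, cm_cost=4000, cm_eff=0.8),
    Node("VPN then DB", "AND", children=[
        Node("exploit VPN appliance", cost=2000, prob=0.4),
        Node("crack DB password", cost=200, prob=0.5, cm_cost=1000, cm_eff=0.9),
    ]),
])
```

With these values the cheapest attack costs 500, but the cheapest attack needing no special skills costs 2200; the countermeasures cut the probability of attack from 0.44 to about 0.079, and against a 100k impact return about 7.2 dollars of reduced expected loss per dollar spent.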
References
- Fault trees (Vesely, Goldberg, Roberts and Haasl, 1981)
- Threat logic trees (Weiss, 1991)
- Attack trees (Schneier, 1999)
- Foundations of Attack Trees (Mauw and Oostdijk, 2005)
- Multi-parameter attack trees (Buldas et al., 2006)
- The Use of Attack Trees in Assessing Vulnerabilities in SCADA Systems (Byres, 2004)
- Vulnerability Analysis of Biometric Systems Using Attack Trees (Speicher)
- Adaptive Intrusion Detection Systems (Farid)
- Attack–Defense Trees (Kordy, 2012)
- Method and system for simulating a hacking attack on a network (De, 2009)