%0 Conference Proceedings
%T Towards Analysis of Sophisticated Attacks, with Conditional Probability, Genetic Algorithm and a Crime Function
%+ Technische Universität Darmstadt - Technical University of Darmstadt (TU Darmstadt)
%A Boehmer, Wolfgang
%Z Part 2: 4th International Workshop on Security and Cognitive Informatics for Homeland Defense (SeCIHD 2014)
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B International Cross-Domain Conference and Workshop on Availability, Reliability, and Security (CD-ARES)
%C Fribourg, Switzerland
%Y Stephanie Teufel
%Y Tjoa A Min
%Y Ilsun You
%Y Edgar Weippl
%I Springer
%3 Availability, Reliability, and Security in Information Systems
%V LNCS-8708
%P 250-256
%8 2014-09-08
%D 2014
%R 10.1007/978-3-319-10975-6_19
%K Conditional probability
%K genetic algorithm
%K Bayes theorem
%K attack trees
%K threat actor
%K crime function
%K risk scenario technology
%Z Computer Science [cs]
%Z Humanities and Social Sciences/Library and information sciencesConference papers
%X In this short article, a proposal to simulate a sophisticated attack on a technical infrastructure is discussed. Attacks on (critical) infrastructures can be modeled with attack trees, but regular (normal) attack trees have some limitation in the case of a sophisticated attack like an advanced persistent (sophisticated) attack. Furthermore, attacks can also be simulated to understand the type of attack, and in order to subsequently develop targeted countermeasures. In this case, a normal, and also a sophisticated attack, is typically carried out in three phases. In the first phase (I) extensive information is gathered about the target object. In the second phase (II), the existing information is verified with a target object scan. In the third phase (III), the actual attack takes place. A normal attack tree is not able to explain this kind of attack behavior. So, we advanced a normal attack tree, which uses conditional probability according to Bayes to go through a certain path - step by step - from the leaf to the root. The learning ability, which typically precedes an attack (phase II), is simulated using a genetic algorithm. To determine the attack, we used threat trees and threat actors. Threat actors are weighted by a function that is called criminal energy. In a first step, it proposes three types of threat actors. The vulnerabilities have been identified as examples for a laboratory network.
%G English
%Z TC 5
%Z TC 8
%Z WG 8.4
%Z WG 8.9
%2 https://inria.hal.science/hal-01404000/document
%2 https://inria.hal.science/hal-01404000/file/978-3-319-10975-6_19_Chapter.pdf
%L hal-01404000
%U https://inria.hal.science/hal-01404000
%~ SHS
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC5
%~ IFIP-WG
%~ IFIP-TC8
%~ IFIP-LNCS-8708
%~ IFIP-CD-ARES
%~ IFIP-WG8-4
%~ IFIP-WG8-9