University of Twente Student Theses
Attack-Defense Trees with Offensive and Defensive Attributes
Copae, D.V. (2024) Attack-Defense Trees with Offensive and Defensive Attributes.
|
PDF
2MB |
| Abstract: | Attack-defense trees (ADTs) are a commonly used methodology for representing the interplay between system attacks and counteracting defenses. Previous work in this domain has only focused on analyzing metrics such as cost, damage, or time from the perspective of the attacker. This approach, however, presents an incomplete picture of the system, as it fails to model attributes for the defender: in real scenarios, the defender usually has finite resources for counter-attacks, and just like the attacker, is bounded by some constraints. This thesis aims to bridge this gap by developing efficient algorithms for computing the Pareto front between defense and attack attribute values. We analyzed tree-structured ADTs using a bottom-up approach and Directed Acyclic Graph (DAG)-structured ADTs using enumerative, Integer Linear Programming (ILP) and Binary Decision Diagram (BDD)-based techniques. The experimental results on random ADTs indicate that rather than finding one algorithm to rule them all, each technique is useful based on varying ADT properties. A bottom-up approach computes the Pareto front the fastest for tree-structured ADTs, while BDDs are the most efficient for DAG-structured ADTs. The implications of our work enable a more detailed analysis of attack scenarios, allowing the system owners to make better-informed decisions. |
| Item Type: | Essay (Master) |
| Faculty: | EEMCS: Electrical Engineering, Mathematics and Computer Science |
| Subject: | 54 computer science |
| Programme: | Computer Science MSc (60300) |
| Link to this item: | https://purl.utwente.nl/essays/101705 |
| Export this item as: | BibTeX EndNote HTML Citation Reference Manager |
Show download statistics for this publication
Show download statistics for this publicationRepository Staff Only: item control page