Quantitative evaluation of attack/defense scenarios through Decision Network modelling and analysis

Daniele Codetta-Raiteri; Luigi Portinale; Roberta Terruggia

doi:10.1109/CCST.2014.6987040

Quantitative evaluation of attack/defense scenarios through Decision Network modelling and analysis

Daniele Codetta-Raiteri, Luigi Portinale, Roberta Terruggia

Department of Science and Technological Innovation

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We exploit Decision Networks (DN) for the analysis of attack/defense scenarios. DN extend both the modeling and the analysis capabilities of formalisms based on Attack Trees, which are the main reference model in such a context. In particular, DN can naturally address uncertainty at every level, including the interaction level of attacks and countermeasures, making possible the modeling of situations which are not limited to Boolean combinations of events. Furthermore, inference algorithms can be exploited for a probabilistic analysis with the goal of assessing the risk and the importance of the attacks (with respect to specific sets of countermeasures), and selecting the optimal set (with respect to a specific objective function) of countermeasures to activate.

Original language	English
Title of host publication	Proceedings - 2014 International Carnahan Conference on Security Technology, ICCST 2014
Editors	Fabio Garzia, Fabio Garzia, Fabio Garzia, Gordon Thomas, Daniel A. Pritchard
Publisher	Institute of Electrical and Electronics Engineers Inc.
Edition	October
ISBN (Electronic)	9781479935321
DOIs	https://doi.org/10.1109/CCST.2014.6987040
Publication status	Published - 15 Dec 2014
Event	48th Annual IEEE International Carnahan Conference on Security Technology, ICCST 2014 - Rome, Italy Duration: 13 Oct 2014 → 16 Oct 2014

Publication series

Name	Proceedings - International Carnahan Conference on Security Technology
Number	October
Volume	2014-October
ISSN (Print)	1071-6572

Conference

Conference	48th Annual IEEE International Carnahan Conference on Security Technology, ICCST 2014
Country/Territory	Italy
City	Rome
Period	13/10/14 → 16/10/14

Keywords

Attack-Defense Trees
Decision Networks
SCADA
importance measures
return on investment
risk

Access to Document

10.1109/CCST.2014.6987040

Cite this

Codetta-Raiteri, D., Portinale, L., & Terruggia, R. (2014). Quantitative evaluation of attack/defense scenarios through Decision Network modelling and analysis. In F. Garzia, F. Garzia, F. Garzia, G. Thomas, & D. A. Pritchard (Eds.), Proceedings - 2014 International Carnahan Conference on Security Technology, ICCST 2014 (October ed.). Article 6987040 (Proceedings - International Carnahan Conference on Security Technology; Vol. 2014-October, No. October). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CCST.2014.6987040

Codetta-Raiteri, Daniele ; Portinale, Luigi ; Terruggia, Roberta. / Quantitative evaluation of attack/defense scenarios through Decision Network modelling and analysis. Proceedings - 2014 International Carnahan Conference on Security Technology, ICCST 2014. editor / Fabio Garzia ; Fabio Garzia ; Fabio Garzia ; Gordon Thomas ; Daniel A. Pritchard. October. ed. Institute of Electrical and Electronics Engineers Inc., 2014. (Proceedings - International Carnahan Conference on Security Technology; October).

@inproceedings{702d9663da4249a9af44da789cc96c17,

title = "Quantitative evaluation of attack/defense scenarios through Decision Network modelling and analysis",

abstract = "We exploit Decision Networks (DN) for the analysis of attack/defense scenarios. DN extend both the modeling and the analysis capabilities of formalisms based on Attack Trees, which are the main reference model in such a context. In particular, DN can naturally address uncertainty at every level, including the interaction level of attacks and countermeasures, making possible the modeling of situations which are not limited to Boolean combinations of events. Furthermore, inference algorithms can be exploited for a probabilistic analysis with the goal of assessing the risk and the importance of the attacks (with respect to specific sets of countermeasures), and selecting the optimal set (with respect to a specific objective function) of countermeasures to activate.",

keywords = "Attack-Defense Trees, Decision Networks, SCADA, importance measures, return on investment, risk",

author = "Daniele Codetta-Raiteri and Luigi Portinale and Roberta Terruggia",

note = "Publisher Copyright: {\textcopyright} 2014 IEEE.; 48th Annual IEEE International Carnahan Conference on Security Technology, ICCST 2014 ; Conference date: 13-10-2014 Through 16-10-2014",

year = "2014",

month = dec,

day = "15",

doi = "10.1109/CCST.2014.6987040",

language = "English",

series = "Proceedings - International Carnahan Conference on Security Technology",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "October",

editor = "Fabio Garzia and Fabio Garzia and Fabio Garzia and Gordon Thomas and Pritchard, {Daniel A.}",

booktitle = "Proceedings - 2014 International Carnahan Conference on Security Technology, ICCST 2014",

address = "United States",

edition = "October",

}

Codetta-Raiteri, D , Portinale, L & Terruggia, R 2014, Quantitative evaluation of attack/defense scenarios through Decision Network modelling and analysis. in F Garzia, F Garzia, F Garzia, G Thomas & DA Pritchard (eds), Proceedings - 2014 International Carnahan Conference on Security Technology, ICCST 2014. October edn, 6987040, Proceedings - International Carnahan Conference on Security Technology, no. October, vol. 2014-October, Institute of Electrical and Electronics Engineers Inc., 48th Annual IEEE International Carnahan Conference on Security Technology, ICCST 2014, Rome, Italy, 13/10/14. https://doi.org/10.1109/CCST.2014.6987040

Quantitative evaluation of attack/defense scenarios through Decision Network modelling and analysis. / Codetta-Raiteri, Daniele ; Portinale, Luigi; Terruggia, Roberta.
Proceedings - 2014 International Carnahan Conference on Security Technology, ICCST 2014. ed. / Fabio Garzia; Fabio Garzia; Fabio Garzia; Gordon Thomas; Daniel A. Pritchard. October. ed. Institute of Electrical and Electronics Engineers Inc., 2014. 6987040 (Proceedings - International Carnahan Conference on Security Technology; Vol. 2014-October, No. October).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Quantitative evaluation of attack/defense scenarios through Decision Network modelling and analysis

AU - Codetta-Raiteri, Daniele

AU - Portinale, Luigi

AU - Terruggia, Roberta

PY - 2014/12/15

Y1 - 2014/12/15

N2 - We exploit Decision Networks (DN) for the analysis of attack/defense scenarios. DN extend both the modeling and the analysis capabilities of formalisms based on Attack Trees, which are the main reference model in such a context. In particular, DN can naturally address uncertainty at every level, including the interaction level of attacks and countermeasures, making possible the modeling of situations which are not limited to Boolean combinations of events. Furthermore, inference algorithms can be exploited for a probabilistic analysis with the goal of assessing the risk and the importance of the attacks (with respect to specific sets of countermeasures), and selecting the optimal set (with respect to a specific objective function) of countermeasures to activate.

AB - We exploit Decision Networks (DN) for the analysis of attack/defense scenarios. DN extend both the modeling and the analysis capabilities of formalisms based on Attack Trees, which are the main reference model in such a context. In particular, DN can naturally address uncertainty at every level, including the interaction level of attacks and countermeasures, making possible the modeling of situations which are not limited to Boolean combinations of events. Furthermore, inference algorithms can be exploited for a probabilistic analysis with the goal of assessing the risk and the importance of the attacks (with respect to specific sets of countermeasures), and selecting the optimal set (with respect to a specific objective function) of countermeasures to activate.

KW - Attack-Defense Trees

KW - Decision Networks

KW - SCADA

KW - importance measures

KW - return on investment

KW - risk

UR - http://www.scopus.com/inward/record.url?scp=84931059192&partnerID=8YFLogxK

U2 - 10.1109/CCST.2014.6987040

DO - 10.1109/CCST.2014.6987040

M3 - Conference contribution

AN - SCOPUS:84931059192

T3 - Proceedings - International Carnahan Conference on Security Technology

BT - Proceedings - 2014 International Carnahan Conference on Security Technology, ICCST 2014

A2 - Garzia, Fabio

A2 - Thomas, Gordon

A2 - Pritchard, Daniel A.

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 48th Annual IEEE International Carnahan Conference on Security Technology, ICCST 2014

Y2 - 13 October 2014 through 16 October 2014

ER -

Codetta-Raiteri D , Portinale L, Terruggia R. Quantitative evaluation of attack/defense scenarios through Decision Network modelling and analysis. In Garzia F, Garzia F, Garzia F, Thomas G, Pritchard DA, editors, Proceedings - 2014 International Carnahan Conference on Security Technology, ICCST 2014. October ed. Institute of Electrical and Electronics Engineers Inc. 2014. 6987040. (Proceedings - International Carnahan Conference on Security Technology; October). doi: 10.1109/CCST.2014.6987040

Quantitative evaluation of attack/defense scenarios through Decision Network modelling and analysis

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this