Attack Countermeasure Trees: A Non-state-space Approach Towards Analyzing Security and Finding Optimal Countermeasure Sets
by Roy, Arpan, M.S., DUKE UNIVERSITY, 2010, 74 pages; 1484116

Abstract:

Attack tree (AT) is one of the widely used combinatorial models in security analysis. The basic formalism of AT does not take into account defense mechanisms. Defense trees (DTs) have been developed to investigate the effect of defense mechanisms using measures such as attack cost, security investment cost, return on attack (ROA) and return on investment (ROI). DT, however, places defense mechanisms only at the leaf nodes and the corresponding ROI/ROA analysis does not incorporate the probabilities of attack. In attack response tree (ART), attack and response are both captured but ART suffers from the problem of state-space explosion, since solution of ART is obtained by means of a partially observable Markov Decision Process model. In this thesis, we present a novel attack tree paradigm called attack countermeasure tree (ACT) which takes a purely noon-state-space approach to security analysis taking into account attacks as well as countermeasures (in the form of detection and mitigation techniques). In ACT, detection and mitigation are allowed not just at the leaf node but also at the intermediate nodes while at the same time the state-space explosion problem is avoided in its analysis. We propose algorithms to perform single and multiobjective optimization to find optimal countermeasure sets under different sets of budgetary constraints. We illustrate the features of ACT using several case studies.
 
AdviserKishor S. Trivedi
SchoolDUKE UNIVERSITY
SourceMAI/ 49-03, p. , Jan 2011
Source TypeThesis
SubjectsComputer engineering; Electrical engineering; Computer science
Publication Number1484116
Adobe PDF Access the complete dissertation:
 

» Find an electronic copy at your library.
  Use the link below to access a full citation record of this graduate work:
  http://gateway.proquest.com/openurl%3furl_ver=Z39.88-2004%26res_dat=xri:pqdiss%26rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation%26rft_dat=xri:pqdiss:1484116
  If your library subscribes to the ProQuest Dissertations & Theses (PQDT) database, you may be entitled to a free electronic version of this graduate work. If not, you will have the option to purchase one, and access a 24 page preview for free (if available).

About ProQuest Dissertations & Theses
With over 2.3 million records, the ProQuest Dissertations & Theses (PQDT) database is the most comprehensive collection of dissertations and theses in the world. It is the database of record for graduate research.

The database includes citations of graduate works ranging from the first U.S. dissertation, accepted in 1861, to those accepted as recently as last semester. Of the 2.3 million graduate works included in the database, ProQuest offers more than 1.9 million in full text formats. Of those, over 860,000 are available in PDF format. More than 60,000 dissertations and theses are added to the database each year.

If you have questions, please feel free to visit the ProQuest Web site - http://www.proquest.com - or call ProQuest Hotline Customer Support at 1-800-521-3042.