Evaluating practitioner cyber-security attack graph configuration preferences. Issue 79 (November 2018)
- Record Type:
- Journal Article
- Title:
- Evaluating practitioner cyber-security attack graph configuration preferences. Issue 79 (November 2018)
- Main Title:
- Evaluating practitioner cyber-security attack graph configuration preferences
- Authors:
- Lallie, Harjinder Singh
Debattista, Kurt
Bal, Jay
- Abstract:
- Attack graphs and attack trees are a popular method of mathematically and visually representing the sequence of events that lead to a successful cyber-attack. Despite their popularity, there is no standardised attack graph or attack tree visual syntax configuration, and more than seventy self-nominated attack graph and twenty attack tree configurations have been described in the literature – each of which presents attributes such as preconditions and exploits in a different way. This research proposes a practitioner-preferred attack graph visual syntax configuration which can be used to effectively present cyber-attacks. Comprehensive data on participant (n = 212) preferences was obtained through a choice based conjoint design in which participants scored attack graph configuration based on their visual syntax preferences. Data was obtained from multiple participant groups, which included lecturers, students and industry practitioners with cyber-security specific or general computer science backgrounds. The overall analysis recommends a winning representation with the following attributes. The flow of events is represented top-down as in a flow diagram – as opposed to a fault tree or attack tree where it is presented bottom-up, preconditions – the conditions required for a successful exploit, are represented as ellipses and exploits are represented as rectangles. These results were consistent across the multiple groups and across scenarios which differed according to their attack complexity. The research tested a number of bottom-up approaches – similar to that used in attack trees. The bottom-up designs received the lowest practitioner preference score indicating that attack trees – which also utilise the bottom-up method, are not a preferred design amongst practitioners – when presented with an alternative top-down design. Practitioner preferences are important for any method or framework to become accepted, and this is the first time that an attack modelling technique has been developed and tested for practitioner preferences.
- Is Part Of:
- Computers & security. Issue 79(2018)
- Journal:
- Computers & security
- Issue:
- Issue 79(2018)
- Issue Display:
- Volume 79, Issue 79 (2018)
- Year:
- 2018
- Volume:
- 79
- Issue:
- 79
- Issue Sort Value:
- 2018-0079-0079-0000
- Page Start:
- 117
- Page End:
- 131
- Publication Date:
- 2018-11
- Subjects:
- Attack modelling -- Threat modelling -- Cyber-security -- Security usability -- Security visualisation
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805
- Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048
http://www.elsevier.com/journals
- DOI:
- 10.1016/j.cose.2018.08.005
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 7945.xml