Attack trees are a cornerstone of formal security analysis, but their effectiveness hinges on a critical prerequisite: a known adversarial objective. In many real-world scenarios ranging from intrusions in secure facilities to sophisticated cyber-attacks this objective is often unknown due to partial observability and deliberate attacker deception. This uncertainty makes the direct synthesis of meaningful attack trees a formidable challenge, leaving defenders without a clear path for threat assessment. This paper introduces a methodology to overcome this limitation. Instead of beginning with a known attack goal, we start with limited observations of an attacker’s actions. We model the target environment as a graph enriched with traversal constraints (such as cost and time), and use temporal reachability to compute the set of all possible locations an adversary could occupy. By correlating these reachable locations with the strategic value of potential assets, we develop a quantitative method to estimate and rank probable high value targets. Finally, we introduce a graph reduction technique that isolates the most relevant attack paths to these high value targets, enabling the computationally tractable generation of focused, target-specific attack trees.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Graph Reduction to Attack Trees for (Unobservable) Target Analysis

  • Aliyu Tanko Ali,
  • Leonard Chidiebere Eze,
  • Damas Gruska,
  • Martin Leucker

摘要

Attack trees are a cornerstone of formal security analysis, but their effectiveness hinges on a critical prerequisite: a known adversarial objective. In many real-world scenarios ranging from intrusions in secure facilities to sophisticated cyber-attacks this objective is often unknown due to partial observability and deliberate attacker deception. This uncertainty makes the direct synthesis of meaningful attack trees a formidable challenge, leaving defenders without a clear path for threat assessment. This paper introduces a methodology to overcome this limitation. Instead of beginning with a known attack goal, we start with limited observations of an attacker’s actions. We model the target environment as a graph enriched with traversal constraints (such as cost and time), and use temporal reachability to compute the set of all possible locations an adversary could occupy. By correlating these reachable locations with the strategic value of potential assets, we develop a quantitative method to estimate and rank probable high value targets. Finally, we introduce a graph reduction technique that isolates the most relevant attack paths to these high value targets, enabling the computationally tractable generation of focused, target-specific attack trees.