English

Efficient Algorithms for Quantitative Attack Tree Analysis

Cryptography and Security 2022-09-29 v2 Data Structures and Algorithms
Authors: Carlos E. Budde , Mariëlle Stoelinga
View on arXiv PDF DOI

Abstract

Numerous analysis methods for quantitative attack tree analysis have been proposed. These algorithms compute relevant security metrics, i.e. performance indicators that quantify how good the security of a system is, such as the most likely attack, the cheapest, or the most damaging one. This paper classifies attack trees in two dimensions: proper trees vs. directed acyclic graphs (i.e. with shared subtrees); and static vs. dynamic gates. For each class, we propose novel algorithms that work over a generic attribute domain, encompassing a large number of concrete security metrics defined on the attack tree semantics. We also analyse the computational complexity of our methods.

Keywords

decision tree random forest vulnerability detection

Cite

@article{arxiv.2105.07511,
  title  = {Efficient Algorithms for Quantitative Attack Tree Analysis},
  author = {Carlos E. Budde and Mariëlle Stoelinga},
  journal= {arXiv preprint arXiv:2105.07511},
  year   = {2022}
}

Comments

Public version of CSF'21 paper, including an appendix with all proofs of lemmas and theorems

Related papers

View all related →
Cryptography and Security · Computer Science
Efficient and Generic Algorithms for Quantitative Attack Tree Analysis
Milan Lopuhaä-Zwakenberg, Carlos E. Budde, Mariëlle Stoelinga
2022-12-13
Cryptography and Security · Computer Science
Quantitative Questions on Attack-Defense Trees
Barbara Kordy, Sjouke Mauw, Patrick Schweitzer
2012-10-31
Cryptography and Security · Computer Science
Attribute Evaluation on Attack Trees with Incomplete Information
Ahto Buldas, Olga Gadyatskaya, Aleksandr Lenin, Sjouke Mauw +1
2019-01-11
Cryptography and Security · Computer Science
ATM: a Logic for Quantitative Security Properties on Attack Trees
Stefano M. Nicoletti, Milan Lopuhaä-Zwakenberg, E. Moritz Hahn, Mariëlle Stoelinga
2024-05-20
Cryptography and Security · Computer Science
Attack tree metrics are operad algebras
Milan Lopuhaä-Zwakenberg
2024-01-19
Cryptography and Security · Computer Science
QuADTool: Attack-Defense-Tree Synthesis, Analysis and Bridge to Verification
Florian Dorfhuber, Julia Eisentraut, Katharina Klioba, Jan Kretinsky
2024-09-19
Cryptography and Security · Computer Science
A Survey of Automatic Generation of Attack Trees and Attack Graphs
Alyzia-Maria Konsta, Beatrice Spiga, Alberto Lluch Lafuente, Nicola Dragoni
2023-09-26
Cryptography and Security · Computer Science
Is my attack tree correct? Extended version
Maxime Audinot, Sophie Pinchinat, Barbara Kordy
2018-02-12
Cryptography and Security · Computer Science
Hackers vs. Security: Attack-Defence Trees as Asynchronous Multi-Agent Systems
Jaime Arias, Carlos E. Budde, Wojciech Penczek, Laure Petrucci +1
2019-10-24
Cryptography and Security · Computer Science
Parametric analyses of attack-fault trees
Étienne André, Didier Lime, Mathias Ramparison, Mariëlle Stoelinga
2019-05-10
Cryptography and Security · Computer Science
A Novel Approach for Attack Tree to Attack Graph Transformation: Extended Version
Nathan Daniel Schiele, Olga Gadyatskaya
2021-10-07
Cryptography and Security · Computer Science
Attack-Defense Trees with Offensive and Defensive Attributes (with Appendix)
Danut-Valentin Copae, Reza Soltani, Milan Lopuhaä-Zwakenberg
2025-04-18
Cryptography and Security · Computer Science
Towards Automating the Construction & Maintenance of Attack Trees: a Feasibility Study
Stéphane Paul
2014-04-09
Cryptography and Security · Computer Science
Attack Tree Generation via Process Mining
Alyzia-Maria Konsta, Gemma Di Federico, Alberto Lluch Lafuente, Andrea Burattin
2024-09-13
Cryptography and Security · Computer Science
A Unified Compositional View of Attack Tree Metrics
Benedikt Peterseim, Milan Lopuhaä-Zwakenberg
2025-11-19
Cryptography and Security · Computer Science
Quantitative Security Risk Modeling and Analysis with RisQFLan
Maurice H. ter Beek, Axel Legay, Alberto Lluch Lafuente, Andrea Vandin
2021-01-22
Cryptography and Security · Computer Science
Attack Tree Distance: a practical examination of tree difference measurement within cyber security
Nathan D. Schiele, Olga Gadyatskaya
2025-03-05
Cryptography and Security · Computer Science
Quantitative analysis of attack-fault trees via Markov decision processes
Milan Lopuhaä-Zwakenberg
2024-08-14
Cryptography and Security · Computer Science
How hard can it be? Quantifying MITRE attack campaigns with attack trees and cATM logic
Stefano M. Nicoletti, Milan Lopuhaä-Zwakenberg, Mariëlle Stoelinga, Fabio Massacci +1
2026-01-23
Cryptography and Security · Computer Science
Cost-damage analysis of attack trees
Milan Lopuhaä-Zwakenberg, Mariëlle Stoelinga
2023-04-13
Cryptography and Security · Computer Science
DAG-Based Attack and Defense Modeling: Don't Miss the Forest for the Attack Trees
Barbara Kordy, Ludovic Piètre-Cambacédès, Patrick Schweitzer
2013-04-01
Cryptography and Security · Computer Science
Streamlining Attack Tree Generation: A Fragment-Based Approach
Irdin Pekaric, Markus Frick, Jubril Gbolahan Adigun, Raffaela Groner +4
2023-10-03
Optimization and Control · Mathematics
A Tree Structure Approach to Reachability Analysis
Alessandro Alla, Peter M. Dower, Vincent Liu
2022-10-27
Cryptography and Security · Computer Science
Discovering, quantifying, and displaying attacks
Roberto Vigo, Flemming Nielson, Hanne Riis Nielson
2018-03-30
Cryptography and Security · Computer Science
Attack Tree Analysis for Adversarial Evasion Attacks
Yuki Yamaguchi, Toshiaki Aoki
2023-12-29