Article

Collaborative attack modeling

Authors:

Jan Steffan,

Markus SchumacherAuthors Info & Claims

SAC '02: Proceedings of the 2002 ACM symposium on Applied computing

Pages 253 - 259

https://doi.org/10.1145/508791.508843

Published: 11 March 2002 Publication History

Get Access

Abstract

Avoidance and discovery of security vulnerabilities in information systems requires awareness of typical risks and a good understanding of vulnerabilities and their exploitations. In this paper we compare common methods of sharing security related knowledge with regard to their ability to support avoidance and discovery of vulnerabilities. We suggest a new method of collaborative attack modeling that is especially suitable for this purpose. This method combines a graph-based attack modeling technique with ideas of a Web-based collaboration tool.

References

[1]

Bugtraq Vulnerability Database. http://www.securityfocus.com.

Google Scholar

[2]

Common Criteria Project Homepage. http://www.commoncriteria.org.

Google Scholar

[3]

CUNNINGHAM, W. The WikiWikiWeb. http://c2.com/cgi-bin/wiki.

Google Scholar

[4]

HELMER, G., WONG, J., SLAGELL, M., HONAVAR, V., AND MILLER, L. A Software Fault Tree Approach to Requirements Analysis of an Intrusion Detection System. In Symposium on Requirements Engineering for Information Security (Indianapolis, USA, 2001).

Google Scholar

[5]

HELMER, G., WONG, J., SLAGELL, M., HONAVAR, V., MILLER, L., AND LUTZ, R. Software Fault Tree and Colored Petri Net Based Specification, Design and Implementation of Agent-Based Intrusion Detection Systems. http://citeseer.nj.nec.com/helmer01software.html.

Google Scholar

[6]

MCDERMOTT, J. Attack Net Penetration Testing. In The 2000 New Security Paradigms Workshop (Ballycotton, County Cork, Ireland, Sept. 2000), ACM SIGSAC, ACM Press, pp. 15-22.

Digital Library

Google Scholar

[7]

SALTER, C., SAYDJARI, O., SCHNEIER, B., AND WALLNER, J. Toward a Secure System Engineering Methodology. Technical report, Counterpane Systems, 101 East Minnehaha Parkway, Minneapolis, MN 55419, Sept. 1998. New Security Paradigms Workshop.

Digital Library

Google Scholar

[8]

SCHNEIER, B. Attack Trees. Dr. Dobb's Journal of Software Tools 24, 12 (Dec. 1999), 21-29.

Google Scholar

[9]

SCHUMACHER, M., HAUL, C., HURLER, M., AND BUCHMANN, A. Data Mining in Vulnerability Databases. In 7. Workshop "Sicherheit in vernetzten Systemen (Hamburg, Germay, March 2000), DFN-CERT. http://www.dvs1.informatik.tu-darmstadt.de/DVS1/research/sechouse/publications/sdb-dfn-cert-eng.pdf.

Google Scholar

[10]

SCHUMACHER, M., AND ROEDIG, U. Security Engineering with Patterns. In 8th Conference on Pattern Languages of Programs (PLoP 2001) (Monticello, Illinois, USA, September 2001).

Google Scholar

[11]

WHEELER, D. A. Secure Programming for Linux and Unix HOWTO. http://www.linuxdoc.org/HOWTO/Secure-Programs-HOWTO/, 2001.

Google Scholar

Cited By

View all

Cai RXv XLu ZZhang KLiu Y(2024)Fusion Assessment of Safety and Security for Intelligent Industrial Unmanned Systems2024 7th International Symposium on Autonomous Systems (ISAS)10.1109/ISAS61044.2024.10552597(1-6)Online publication date: 7-May-2024
https://doi.org/10.1109/ISAS61044.2024.10552597
Wang MWu PLuo Q(2023)Construction of Software Supply Chain Threat Portrait Based on Chain PerspectiveMathematics10.3390/math1123485611:23(4856)Online publication date: 2-Dec-2023
https://doi.org/10.3390/math11234856
Rana AGupta SGupta B(2023)A Dual Attack Tree Approach to Assist Command and Control Server Analysis of the Red Teaming ActivityAdvances in Cybersecurity, Cybercrimes, and Smart Emerging Technologies10.1007/978-3-031-21101-0_5(55-68)Online publication date: 12-Mar-2023
https://doi.org/10.1007/978-3-031-21101-0_5
Show More Cited By

Index Terms

Collaborative attack modeling

Recommendations

A Compendium on Risk Assessment of Phishing Attack Using Attack Modeling Techniques
Abstract
With the advent of new attacking methodologies and types of attacks, it has become difficult to protect the systems. Therefore, it is necessary to decipher the impact of attacks before and after its occurrence to provide better security. It is ...
Common Framework for Attack Modeling and Security Evaluation in SIEM Systems
GREENCOM '12: Proceedings of the 2012 IEEE International Conference on Green Computing and Communications

The paper suggests a framework for attack modeling and security evaluation in Security Information and Event Management (SIEM) systems. It is supposed that the common approach to attack modeling and security evaluation is based on modeling of a ...
A lab implementation of SYN flood attack and defense
SIGITE '08: Proceedings of the 9th ACM SIGITE conference on Information technology education

A "denial-of-service" attack is characterized by an explicit attempt by attackers to prevent legitimate users of a service from using that service. SYN flood attack is one of the most common types of DoS. In this lab, we model and simulate a real world ...

Comments

Information & Contributors

Information

Published In

SAC '02: Proceedings of the 2002 ACM symposium on Applied computing

March 2002

1200 pages

ISBN:1581134452

DOI:10.1145/508791

Conference Chair:
Gary B. Lamont
Air Force Institute of Technology, USA
,
Program Chairs:
Hisham Haddad
Kennesaw State Univ., USA
,
George Papadopoulos
Univ. of Cyprus, Cyprus
,
Publications Chair:
Brajendra Panda
University of Arkansas, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 11 March 2002

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SAC02

Sponsor:

SIGAPP

SAC02: 2002 ACM Symposium on Applied Computing

March 11 - 14, 2002

Madrid, Spain

Acceptance Rates

Overall Acceptance Rate 1,650 of 6,669 submissions, 25%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

41
Total Citations
View Citations
2,064
Total Downloads

Downloads (Last 12 months)21
Downloads (Last 6 weeks)3

Reflects downloads up to 18 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Cai RXv XLu ZZhang KLiu Y(2024)Fusion Assessment of Safety and Security for Intelligent Industrial Unmanned Systems2024 7th International Symposium on Autonomous Systems (ISAS)10.1109/ISAS61044.2024.10552597(1-6)Online publication date: 7-May-2024
https://doi.org/10.1109/ISAS61044.2024.10552597
Wang MWu PLuo Q(2023)Construction of Software Supply Chain Threat Portrait Based on Chain PerspectiveMathematics10.3390/math1123485611:23(4856)Online publication date: 2-Dec-2023
https://doi.org/10.3390/math11234856
Rana AGupta SGupta B(2023)A Dual Attack Tree Approach to Assist Command and Control Server Analysis of the Red Teaming ActivityAdvances in Cybersecurity, Cybercrimes, and Smart Emerging Technologies10.1007/978-3-031-21101-0_5(55-68)Online publication date: 12-Mar-2023
https://doi.org/10.1007/978-3-031-21101-0_5
Tong HXu JLi XZhang L(2022)Cyber-attack research for integrated energy systems by the correlated matrix based object-oriented modeling methodFrontiers in Energy Research10.3389/fenrg.2022.77464510Online publication date: 19-Aug-2022
https://doi.org/10.3389/fenrg.2022.774645
Lesi VJakovljevic ZPajic M(2022)Security Analysis for Distributed IoT-Based Industrial AutomationIEEE Transactions on Automation Science and Engineering10.1109/TASE.2021.310633519:4(3093-3108)Online publication date: Oct-2022
https://doi.org/10.1109/TASE.2021.3106335
Gupta SGupta BRana A(2022)A Comparative Cost Analysis of Organizational Network Security Test Lab Setup on Cloud Versus Dedicated Virtual MachineSmart Trends in Computing and Communications10.1007/978-981-16-9967-2_58(623-632)Online publication date: 6-Jul-2022
https://doi.org/10.1007/978-981-16-9967-2_58
Sequeiros JChimuco FSamaila MFreire MInácio P(2020)Attack and System Modeling Applied to IoT, Cloud, and Mobile EcosystemsACM Computing Surveys10.1145/337612353:2(1-32)Online publication date: 20-Mar-2020
https://dl.acm.org/doi/10.1145/3376123
Kumar NLaRoy N(2020)Zero Trust in the Context of the Utility IndustryProceedings of the Future Technologies Conference (FTC) 2020, Volume 310.1007/978-3-030-63092-8_65(947-967)Online publication date: 31-Oct-2020
https://doi.org/10.1007/978-3-030-63092-8_65
Xiong ZLi LYan JWang HHe HJin Y(2019)Differential Privacy with Variant-Noise for Gaussian Processes ClassificationPRICAI 2019: Trends in Artificial Intelligence10.1007/978-3-030-29894-4_9(107-119)Online publication date: 23-Aug-2019
https://doi.org/10.1007/978-3-030-29894-4_9
Lallie HDebattista KBal J(2018)An Empirical Evaluation of the Effectiveness of Attack Graphs and Fault Trees in Cyber-Attack PerceptionIEEE Transactions on Information Forensics and Security10.1109/TIFS.2017.277123813:5(1110-1122)Online publication date: 1-May-2018
https://dl.acm.org/doi/10.1109/TIFS.2017.2771238
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

A Compendium on Risk Assessment of Phishing Attack Using Attack Modeling Techniques

Common Framework for Attack Modeling and Security Evaluation in SIEM Systems

A lab implementation of SYN flood attack and defense