Methodology Behind PENET Tool


In recent years, research efforts in cyber security have steadily increased as a result of growing concerns for cyber attacks and also increasing trend in cyber attack incidents. One of the important areas of research that is gaining importance is modeling of attacks and countermeasures to quantify survivability and other security measures of interest. In this context, on one extreme, attack trees model has received attention due to its simplicity and ease of analysis, and on the other extreme, stochastic models have been advocated. While attack trees model does not capture complex dependencies among events and also is not amenable for modeling dynamic nature of the attacks and countermeasures, the fitness of stochastic models is yet to be established as there is not sufficient evidence to show that attack and defense behaviors follow some known distributions. With this motivation, a new attack modeling approach based on Petri nets, called PENET, is developed in this thesis whose goal is to significantly enhance the modeling power of attack trees. PENET introduces relevant concepts such as dynamic nature of attack, repairability of a system, and the existence of recurring attacks. Moreover, it attempts to find a balance between ease of use and representation power by providing set of constructs, parameters, performance metrics, and time domain analysis of attack progress. Time domain analysis produces valuable output such as “time to reach the main goal” and the “path taken” by the attacker. This output helps to evaluate system survivability and defense strategies. This approach is implemented as a software tool, called PENET Tool, which lets users draw model diagrams of a given system through intuitive user interface, perform time domain simulations and carry out security evaluations, and enable interactive ways to improve the survivability of the system.


The main contributions of this project are two-fold:
• Extending modeling capabilities of attack trees by using Petri net constructs in order to significantly improve the analytical capabilities of attack trees, specifically by:
a) Addressing existing issues in attack trees such as limited representation power,
imprecision, and lack of defined defense modeling.
b) Introducing concepts of recurring attacks, defense modeling, and dynamic constructs.
c) Introducing an analysis approach that follows attack execution in time domain.
d) Providing means to evaluate system survivability and defense strategies.
• Developing software tool that implements new approach and establishes its practical use.