Associate Professor
Technical University of Denmark
Attack Trees are a graphical model of security used to study threat scenarios. While visually appealing and supported by solid theories and effective tools, one of their main drawbacks remains the amount of effort required by security experts to design them from scratch. This work aims at remedying this by providing a method for the automatic generation of Attack Trees from attack logs. The main original feature of our approach w.r.t. existing ones is the use of Process Mining algorithms to synthesize Attack Trees, which allow users to customize the way a set of logs are summarized as an Attack Tree, for example by discarding statistically irrelevant events. Our approach is supported by a prototype that, apart from the derivation and translation of the model, provides the user with an Attack Tree in the RisQFLan format, a tool used for quantitative risk modeling and analysis with Attack Trees. We use literature case studies to illustrate and explore the capabilities of our approach.
In Proceedings of REoCAS Colloquium in Honor of Rocce De Nicola; Crete, Greece; 2024.
Copyright and moral rights for the publications made accessible in the public website are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights.
If you believe that this document breaches copyright please contact us providing details, and we will remove access to the work immediately and investigate your claim.
Latest website update: 04 November 2024.