
Analysing Cyberattacks Using Attack Tree and Fuzzy Rules

  • Conference paper
Advances in Computational Intelligence Systems (UKCI 2023)

Abstract

Understanding the development and execution of a cyberattack is intrinsic to its prevention and mitigation. A suitable cyberattack analysis method can be utilised in analysing cyberattacks. However, not every analysis method can be utilised for analysing every type of cyberattack, due to the specific aim, strategy, requirements and skills of an analysis method. Therefore, deciding on a simple and suitable analysis method is always a challenging task, which requires a continuous exploration of new analysis methods. This paper presents a simple and generic method for cyberattack analysis using an attack tree and fuzzy rules. The attack tree provides a graphical and granular relationship between a cyberattacker and a victim to understand the taxonomy of an attack. Subsequently, the probability and risk of each leaf node in the attack tree are calculated using the proposed formulas. Finally, fuzzy rules formalise human reasoning to manage the approximation and uncertainty of the data to determine the overall risk of attack. This method proposes a process consisting of a sequence of steps to perform a step-by-step analysis of a cyberattack and evaluate its potential risk in a simple and efficient manner, so that its prevention and mitigation can be determined beforehand. Furthermore, the paper presents a case study of an information theft attack on an organisation and its analysis using the proposed analysis method, which can be beneficial in the analysis of other similar attacks.




Corresponding author

Correspondence to Nitin Naik.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG


Cite this paper

Naik, N. et al. (2024). Analysing Cyberattacks Using Attack Tree and Fuzzy Rules. In: Naik, N., Jenkins, P., Grace, P., Yang, L., Prajapat, S. (eds) Advances in Computational Intelligence Systems. UKCI 2023. Advances in Intelligent Systems and Computing, vol 1453. Springer, Cham. https://doi.org/10.1007/978-3-031-47508-5_29
