http://dx.doi.org/10.13089/JKIISC.2017.27.2.259

Game Theory-Based Vulnerability Quantification Method Using Attack Tree  

Lee, Seokcheol (Ajou University)
Lee, Sang-Ha (Dong Seoul University)
Shon, Taeshik (Ajou University)
Abstract
In modern society, IT-based systems are introduced and operated in various fields such as home, industry, and finance. To ensure the safety of society, IT systems introduced throughout society should be protected from cyber attacks. Understanding and checking the current security status of a system is one of the important tasks in responding effectively to cyber attacks. In this paper, we analyze the limitations of the Game Theory and Attack Tree methodologies used to inspect for security vulnerabilities. Based on this analysis, we propose a security vulnerability quantification method that complements the limitations of both methodologies. This provides a more objective and systematic way to inspect for security weaknesses.
Keywords
Game Theory; Attack Tree; Vulnerability Quantification