Date of Award

2019

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Department

Computer Science

Committee Chair

Mikel D. Petty

Committee Member

Sampson Gholston

Committee Member

Dale Thomas

Committee Member

Daniel Rochowiak

Committee Member

Feng Zhu

Subject(s)

Computer networks--Security measures, Cyberterrorism--Models, Petri nets, Trees (Graph theory)

Abstract

The number, variety, sophistication, and consequences of cyberattacks are all growing. The developers and users of computer systems should have some knowledge of the different types of cyberattacks that can occur. Models of cyberattack patterns can contribute to that knowledge. Executable models of cyberattacks used to simulate the attacks can reveal system vulnerabilities and improve decisions made by both attackers and defenders during attacks. One type of cyberattack model, Attack Trees, supports visualization and formal analysis of cyberattacks. A second type of model, Petri nets with Players, Strategies, and Costs (PNPSC), was developed specifically for cyberattack modeling as part of this research to represent the strategies, actions, and costs of actions for both the attacker and defender in a cyberattack. Although such models can be useful, manually constructing them can be time-consuming and error-prone. Realizing their full benefits requires an automated process to generate and verify such models. In this research, a process and software to automatically generate cyberattack models in the form of Attack Trees and PNPSC nets was implemented and tested. The auto-generated Attack Trees and PNPSC nets model the cyberattack patterns that are documented in the MITRE-maintained Common Attack Pattern Enumeration and Classification (CAPEC) database, which is the input to the process. The auto-generation software produces cyberattack models much more quickly than a manual process. The auto-generated models are output in Platform Independent Petri Net Editor (PIPE) and Graphviz formats for PNPSC nets and in FaultCAT format for Attack Trees. The PIPE and FaultCAT outputs support analysis and simulations and the Graphviz outputs are used for visualization. In order to confirm that PNPSC nets could accurately model cyberattacks, a selection of PNPSC nets was manually constructed from the CAPEC database and then validated using structured face validation. 
Then the auto-generated PNPSC nets for a much larger set of attack patterns were verified for consistency with the CAPEC database using comparative and steady-state analysis.
