Date of Award
Doctor of Philosophy (PhD)
Mikel D. Petty
Computer networks--Security measures., Cyberterrorism--Models., Petri nets., Trees (Graph theory)
The number, variety, sophistication, and consequences of cyberattacks are all growing. The developers and users of computer systems should have some knowledge of the different types of cyberattacks that can occur. Models of cyberattack patterns can contribute to that knowledge. Executable models of cyberattacks used to simulate the attacks can reveal system vulnerabilities and improve decisions made by both attackers and defenders during attacks. One type of cyberattack model, Attack Trees, supports visualization and formal analysis of cyberattacks. A second type of model, Petri nets with Players, Strategies, and Costs (PNPSC), was developed specifically for cyberattack modeling as part of this research to represent the strategies, actions, and costs of actions for both the attacker and defender in a cyberattack. Although such models can be useful, manually constructing them can be time-consuming and error-prone. Realizing their full benefits requires an automated process to generate and verify such models. In this research, a process and software to automatically generate cyberattack models in the form of Attack Trees and PNPSC nets was implemented and tested. The auto-generated Attack Trees and PNPSC nets model the cyberattack patterns that are documented in the MITRE-maintained Common Attack Pattern Enumeration and Classification (CAPEC) database, which is the input to the process. The auto-generation software produces cyberattack models much more quickly than a manual process. The auto-generated models are output in Platform Independent Petri Net Editor (PIPE) and Graphviz formats for PNPSC nets and in FaultCAT format for Attack Trees. The PIPE and FaultCAT outputs support analysis and simulations and the Graphviz outputs are used for visualization. In order to confirm that PNPSC nets could accurately model cyberattacks, a selection of PNPSC nets was manually constructed from the CAPEC database and then validated using structured face validation. Then the auto-generated PNPSC nets for a much larger set of attack patterns were verified for consistency with the CAPEC database using comparative and steady-state analysis.
Whitaker, Tymaine S., "Generating cyberattack model components from an attack pattern database" (2019). Dissertations. 174.