Towards Realistic Threat Modeling: Attack Commodification, Irrelevant Vulnerabilities, and Unrealistic Assumptions

01/14/2018
by   Luca Allodi, et al.
0

Current threat models typically consider all possible ways an attacker can penetrate a system and assign probabilities to each path according to some metric (e.g. time-to-compromise). In this paper we discuss how this view hinders the realness of both technical (e.g. attack graphs) and strategic (e.g. game theory) approaches of current threat modeling, and propose to steer away by looking more carefully at attack characteristics and attacker environment. We use a toy threat model for ICS attacks to show how a realistic view of attack instances can emerge from a simple analysis of attack phases and attacker limitations.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
12/03/2017

Kidemonas: The Silent Guardian

Advanced Persistent Threats or APTs are big challenges to the security o...
research
08/29/2020

Off-Path TCP Exploits of the Mixed IPID Assignment

In this paper, we uncover a new off-path TCP hijacking attack that can b...
research
12/08/2021

Towards automation of threat modeling based on a semantic model of attack patterns and weaknesses

This works considers challenges of building and usage a formal knowledge...
research
08/31/2023

Everyone Can Attack: Repurpose Lossy Compression as a Natural Backdoor Attack

The vulnerabilities to backdoor attacks have recently threatened the tru...
research
04/11/2023

Algorithms for Reconstructing DDoS Attack Graphs using Probabilistic Packet Marking

DoS and DDoS attacks are widely used and pose a constant threat. Here we...
research
11/22/2019

Insider threat modeling: An adversarial risk analysis approach

Insider threats entail major security issues in geopolitics, cyber risk ...
research
04/27/2018

Attacks and Defenses in Mobile IP: Modeling with Stochastic Game Petri Net

The urging need for seamless connectivity in mobile environment has cont...

Please sign up or login with your details

Forgot password? Click here to reset